USN-6826-1: mod_jk vulnerability

Karl von Randow discovered that modjk was vulnerable to an authentication bypass. If the configuration did not provide explicit mounts for all possible proxied requests, an attacker could possibly use this vulnerability to bypass security constraints configured in httpd...

Debian DSA-4357-1 : libapache-mod-jk - security update

Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in modjk, the Apache connector for the Tomcat Java servlet engine. The vulnerability is addressed by upgrading modjk to the new upstream version 1.2.46, which includes additional changes. -...

Debian: Security Advisory (DSA-4357-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Weblogic Apache Connector POST Request Buffer Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Oracle Weblogic Apache Connector - POST Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache/ include...

Oracle Weblogic Apache Connector POST Request Buffer Overflow

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

Oracle BEA WebLogic Server Apache Connector Buffer Overflow (CVE-2008-4008)

Oracle BEA WebLogic Server is an enterprise-class multi-tier Java Application Server platform. WebLogic is typically used as the platform for large enterprise web applications. It supports various databases including Oracle, DB2, Microsoft SQL Server, MySQL and other JDBC-compliant databases. The...

Re: Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow

Hello Assurent & Oracle, On Tue, 13 Jan 2009, [email protected] wrote: : Oracle BEA WebLogic Server Apache Connector Buffer Overflow : : Reference: http://www.bea.com/weblogic/server/ : : 2. Vulnerability Summary : : A remotely exploitable vulnerability has been discovered in t...

Oracle WebLogic Apache连接器远程缓冲区溢出漏洞

CVECAN ID: CVE-2008-4008 WebLogic包含多种应用系统集成方案，包括Server/Express/Integration等。 WebLogic的Apache连接器实现上存在漏洞，模块做处理请求所带的畸形参数时，未进行长度检查就把字符串拷贝到固定长度的栈缓冲区中，远程攻击者可能利用此漏洞触发栈溢出，导致执行任意指令。 Oracle WebLogic Server Oracle ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

iDefense Security Advisory 10.31.08: Oracle WebLogic Apache Connector

iDefense Security Advisory 10.29.08 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 29, 2008 I. BACKGROUND The WebLogic Apache Connector is module for the Apache httpd server. It is used to proxy requests from Apache to a backend WebLogic server. For more information, see the vendor's...

Oracle WebLogic Apache Connector buffer overflow

Buffer overflow on oversized HTTP request argument...

Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow

Added: 10/31/2008 CVE: CVE-2008-4008 BID: 31683 OSVDB: 49283 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow

Added: 10/31/2008 CVE: CVE-2008-4008 BID: 31683 OSVDB: 49283 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow

Added: 10/31/2008 CVE: CVE-2008-4008 BID: 31683 OSVDB: 49283 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

Stack overflow

Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information wa...

Preemptive Protection against Oracle WebLogic Server Apache Connector HTTP Version String Buffer Vulnerability

A string buffer overflow vulnerability has been reported in Oracle BEA WebLogic Server Apache Connector. BEA WebLogic Server is a Java Application Server platform that supports various databases including Oracle. A remote attacker may exploit this vulnerability to execute arbitrary code on a...

Oracle Weblogic Apache connector vulnerable to buffer overflow

Overview Oracle Weblogic formerly BEA Weblogic contains a vulnerability which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Weblogic Server and Weblogic Express applicaiton servers can be integrated with the Apache webserver usin...

Oracle WebLogic Server Apache Connector POST buffer overflow

Added: 07/25/2008 CVE: CVE-2008-3257 BID: 30273 OSVDB: 47096 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow in the Apache Connector for WebLogic Server allows remote attackers to execute arbitrary commands by sending a...

Oracle WebLogic Server Apache Connector POST buffer overflow

Added: 07/25/2008 CVE: CVE-2008-3257 BID: 30273 OSVDB: 47096 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow in the Apache Connector for WebLogic Server allows remote attackers to execute arbitrary commands by sending a...

Oracle WebLogic Server Apache Connector POST buffer overflow

Added: 07/25/2008 CVE: CVE-2008-3257 BID: 30273 OSVDB: 47096 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow in the Apache Connector for WebLogic Server allows remote attackers to execute arbitrary commands by sending a...