Oracle WebLogic Server Apache Connector POST buffer overflow

Added: 07/25/2008 CVE: CVE-2008-3257 BID: 30273 OSVDB: 47096 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow in the Apache Connector for WebLogic Server allows remote attackers to execute arbitrary commands by sending a...

Oracle WebLogic Server Apache Connector POST buffer overflow

Added: 07/25/2008 CVE: CVE-2008-3257 BID: 30273 OSVDB: 47096 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow in the Apache Connector for WebLogic Server allows remote attackers to execute arbitrary commands by sending a...

Oracle Weblogic Apache连接器POST请求远程栈溢出漏洞

BUGTRAQ ID: 30273 WebLogic包含多种应用系统集成方案，包括Server/Express/Integration等。 WebLogic的Apache连接器实现上存在漏洞，如果远程攻击者向WebLogic的Apache连接器发送了超长的POST请求的话，就可能触发栈溢出，导致执行任意指令。 Oracle WebLogic Server Oracle ------ 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.oracle.com http://www.sebug.net/exploit/4269/...

Stack overflow

Stack-based buffer overflow in the Apache Connector modwl in Oracle WebLogic Server formerly BEA WebLogic Server 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request...

CVE-2008-3257

CVE-2008-3257 describes a stack-based buffer overflow in the Oracle WebLogic Server Apache Connector (mod_wl) that affects WebLogic Server 10.3 and earlier. The overflow occurs when handling a long HTTP version string in a POST request, allowing remote attackers to potentially execute arbitrary c...

CVE-2008-3257

Stack-based buffer overflow in the Apache Connector modwl in Oracle WebLogic Server formerly BEA WebLogic Server 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request...

CVE-2008-2581

Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer...

Solaris 8 (sparc) : 124672-20

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful...

Solaris 10 (sparc) : 124672-20 (deprecated)

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful...

Solaris 9 (x86) : 124673-20

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful...

PT-2007-1146 · Oracle +1 · Oracle Weblogic Server +2

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0.0 and 12.1.3.0.0 Description: The issue is related to the Oracle WebLogic Server component of Oracle Fusion Middleware, specifically the Web Services subcomponent. It is an easily exploitable...