Vulnerability CVE-2008-3257


Published: 2008-07-22   Modified: 2012-02-12

Description:
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

See advisories in our WLB2 database:
Topic: Oracle Weblogic Apache Connector POST Request Buffer Overflow (High)
Author: KingCope
Date: 19.05.2012

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: BEA
Product: Weblogic server
Version: 9.2, 9.1, 9.0, 8.1, 7.0.0.1, 7.0, 6.1, 6.0, 5.1, 4.5.2, 4.5.1, 4.5, 4.0.4, 4.0, 3.1.8, 10.0

Vendor: Oracle
Product: Weblogic server
Version: 10.3

Vendor: Bea systems
Product: Weblogic server
Version: 10.0_mp1
Product: Apache connector in weblogic server

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://www.kb.cert.org/vuls/id/716387
https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html
http://xforce.iss.net/xforce/xfdb/43885
http://www.vupen.com/english/advisories/2008/2145/references
http://www.securitytracker.com/id?1020520
http://www.securityfocus.com/bid/30273
http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html
http://www.milw0rm.com/exploits/6089
http://www.attrition.org/pipermail/vim/2008-July/002036.html
http://www.attrition.org/pipermail/vim/2008-July/002035.html
http://secunia.com/advisories/31146
http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html

Related CVE
CVE-2010-2375
Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect ...
CVE-2008-0901
BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
CVE-2008-0902
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
CVE-2008-0903
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
CVE-2008-0904
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2008-0900
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
CVE-2008-0896
BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions.
CVE-2008-0868
Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.

Copyright 2019, cxsecurity.com