QwikSec

Security Database

CVE

CWE

Training

CVE-2008-3257

Published: Jul 22, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC

mailing-list

x_refsource_VIM

20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC

mailing-list

x_refsource_VIM

exploit

x_refsource_EXPLOIT-DB

http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html

x_refsource_CONFIRM

https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

oracle-weblogic-apacheconnector-bo(43885)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_CERT-VN

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.