CVE-2008-3257 (weblogic_server, WebLogic Server, apache_connector_in_weblogic_server) - HeapOverflow Computer Security Community & Forums : Heap Overflow.com



Heap
23-07-08, 19:51
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. NOTE: it is possible that this overlaps CVE-2008-2579 or another issue disclosed in Oracle's CPUJul2008 advisory.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3257)
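
A defensive check for the condition described in the post above, as an added example that is not part of the original post or of Oracle's code: it validates the HTTP version field of each request line, the kind of check that can run at a front-end proxy or over captured request lines. The function names, the length limit and the sample lines are assumptions constructed for illustration.

```python
import re

# Strict version token: "HTTP/" DIGIT "." DIGIT (RFC 7230 grammar).
VERSION_RE = re.compile(rb"HTTP/\d\.\d")
MAX_REQUEST_LINE = 8190  # assumption: same value as Apache's default LimitRequestLine


def check_request_line(raw: bytes) -> list:
    """Return findings for one raw request line; an empty list means it is well formed."""
    line = raw.rstrip(b"\r\n")
    findings = []
    if len(line) > MAX_REQUEST_LINE:
        findings.append("request line longer than %d bytes" % MAX_REQUEST_LINE)
    # Split on the first two spaces only, so everything after the target is
    # treated as the version field, however long or oddly shaped it is.
    parts = line.split(b" ", 2)
    if len(parts) != 3:
        findings.append("missing HTTP version field")
        return findings
    version = parts[2]
    if not VERSION_RE.fullmatch(version):
        findings.append("invalid HTTP version field (%d bytes)" % len(version))
    return findings


def flag_requests(lines):
    """Return (line_number, findings) for every request line that fails validation."""
    flagged = []
    for number, raw in enumerate(lines, start=1):
        findings = check_request_line(raw)
        if findings:
            flagged.append((number, findings))
    return flagged


# Constructed sample request lines (not captured traffic).
SAMPLE = [
    b"GET /index.jsp HTTP/1.1\r\n",
    b"POST /app/login.jsp HTTP/1.0\r\n",
    b"POST /.jsp " + b"X" * 300 + b"\r\n",  # oversized, non-conforming version field
    b"GET /status\r\n",                      # no version field at all
]

if __name__ == "__main__":
    for number, findings in flag_requests(SAMPLE):
        print(number, findings)
```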