Lucene search

[email protected]NVD:CVE-2008-3257

HistoryJul 22, 2008 - 4:41 p.m.

CVE-2008-3257

2008-07-2216:41:00

CWE-119

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.94 High

EPSS

Percentile

99.2%

JSON

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after “POST /.jsp” in an HTTP request.

Affected configurations

NVD

Node

beaweblogic_serverMatch3.1.8

beaweblogic_serverMatch4.0

beaweblogic_serverMatch4.0.4

beaweblogic_serverMatch4.5

beaweblogic_serverMatch4.5.1

beaweblogic_serverMatch4.5.1sp15

beaweblogic_serverMatch4.5.2

beaweblogic_serverMatch4.5.2sp1

beaweblogic_serverMatch4.5.2sp2

beaweblogic_serverMatch5.1

beaweblogic_serverMatch5.1sp1

beaweblogic_serverMatch5.1sp10

beaweblogic_serverMatch5.1sp11

beaweblogic_serverMatch5.1sp12

beaweblogic_serverMatch5.1sp13

beaweblogic_serverMatch5.1sp2

beaweblogic_serverMatch5.1sp3

beaweblogic_serverMatch5.1sp4

beaweblogic_serverMatch5.1sp5

beaweblogic_serverMatch5.1sp6

beaweblogic_serverMatch5.1sp7

beaweblogic_serverMatch5.1sp8

beaweblogic_serverMatch5.1sp9

beaweblogic_serverMatch6.0

beaweblogic_serverMatch6.0sp1

beaweblogic_serverMatch6.0sp2

beaweblogic_serverMatch6.0sp6

beaweblogic_serverMatch6.1

beaweblogic_serverMatch6.1sp1

beaweblogic_serverMatch6.1sp2

beaweblogic_serverMatch6.1sp3

beaweblogic_serverMatch6.1sp4

beaweblogic_serverMatch6.1sp5

beaweblogic_serverMatch6.1sp6

beaweblogic_serverMatch6.1sp7

beaweblogic_serverMatch6.1sp8

beaweblogic_serverMatch7.0

beaweblogic_serverMatch7.0sp1

beaweblogic_serverMatch7.0sp2

beaweblogic_serverMatch7.0sp3

beaweblogic_serverMatch7.0sp4

beaweblogic_serverMatch7.0sp5

beaweblogic_serverMatch7.0sp6

beaweblogic_serverMatch7.0sp7

beaweblogic_serverMatch7.0.0.1

beaweblogic_serverMatch7.0.0.1sp1

beaweblogic_serverMatch7.0.0.1sp2

beaweblogic_serverMatch7.0.0.1sp3

beaweblogic_serverMatch7.0.0.1sp4

beaweblogic_serverMatch8.1

beaweblogic_serverMatch8.1sp1

beaweblogic_serverMatch8.1sp2

beaweblogic_serverMatch8.1sp3

beaweblogic_serverMatch8.1sp4

beaweblogic_serverMatch8.1sp5

beaweblogic_serverMatch8.1sp6

beaweblogic_serverMatch9.0

beaweblogic_serverMatch9.0ga

beaweblogic_serverMatch9.0sp1

beaweblogic_serverMatch9.0sp2

beaweblogic_serverMatch9.0sp3

beaweblogic_serverMatch9.0sp4

beaweblogic_serverMatch9.0sp5

beaweblogic_serverMatch9.1

beaweblogic_serverMatch9.1ga

beaweblogic_serverMatch9.2

beaweblogic_serverMatch9.2mp1

beaweblogic_serverMatch9.2mp2

beaweblogic_serverMatch10.0

bea_systemsapache_connector_in_weblogic_server

bea_systemsweblogic_serverMatch10.0_mp1

oracleweblogic_serverRange≤10.3

References

blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html

secunia.com/advisories/31146

www.attrition.org/pipermail/vim/2008-July/002035.html

www.attrition.org/pipermail/vim/2008-July/002036.html

www.kb.cert.org/vuls/id/716387

www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html

www.securityfocus.com/bid/30273

www.securitytracker.com/id?1020520

www.vupen.com/english/advisories/2008/2145/references

exchange.xforce.ibmcloud.com/vulnerabilities/43885

support.bea.com/application_content/product_portlets/securityadvisories/2793.html

www.exploit-db.com/exploits/6089

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.94 High

EPSS

Percentile

99.2%

JSON

Related for NVD:CVE-2008-3257

saint4 prion1 cve1 nessus1 attackerkb1 checkpoint_advisories1 packetstorm1 cert1 cvelist1 oracle2