SAINT Corporation
SAINT:A49D9212C633FA5C01E8E1F117F214F6
Oct 31, 2008 - 12:00 a.m.

Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow

2008-10-31 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.97
Percentile: 99.8%

Added: 10/31/2008
CVE: CVE-2008-4008
BID: 31683
OSVDB: 49283

Background

Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted Transfer-Encoding header in an HTTP request.

Resolution

Install the latest WebLogic Server plug-in referenced in the Oracle Security Advisory.

References

<https://support.bea.com/application_content/product_portlets/securityadvisories/2806.html>

Limitations

Exploit works on the WebLogic Server Connector for Apache 1.0.1136334.

Platforms

Windows
