Check Point Advisories

Preemptive Protection against Oracle WebLogic Server Apache Connector HTTP Version String Buffer Vulnerability

Check Point Reference: CPAI-2008-111
Date Published: 3 Aug 2008
Severity: Critical
Last Updated: Tuesday 05 August, 2008
Source: Secunia Advisory: SA31146
Industry Reference: CVE-2008-3257
Protection Provided by:
Who is Vulnerable?
Oracle BEA WebLogic Server 5.x
Oracle BEA WebLogic Server 6.x
Oracle BEA WebLogic Server 7.x
Oracle BEA WebLogic Server 8.x
Oracle BEA WebLogic Server 9.x
Oracle BEA WebLogic Server 10.x
Vulnerability Description: A string buffer overflow vulnerability has been reported in the Oracle (BEA) WebLogic Server Apache Connector. BEA WebLogic Server is a Java Application Server platform that supports various databases including Oracle. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system.
Vulnerability Details: The vulnerability is due to a boundary error in the Apache connector. An attacker can exploit this issue by sending a specially crafted, overly long POST request to the target host. Successful exploitation of this vulnerability may cause a stack-based buffer overflow, allowing the attacker to execute arbitrary code on the target system.
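
A log check for the condition described above, added here as an example and not taken from the Check Point or Oracle advisories: it scans Apache access log entries for POST requests whose HTTP version token is not the well-formed 8-character "HTTP/x.y". It assumes the front-end Apache writes the raw request line in common or combined log format; the function names and the sample entries are constructed for illustration.

```python
import re

# Apache common/combined log format: the raw request line is the first quoted field.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "(?P<req>.*?)" (?P<status>\d{3}|-) ')
# A well-formed version token is exactly "HTTP/" DIGIT "." DIGIT (8 characters).
VERSION_RE = re.compile(r'HTTP/\d\.\d')

def inspect_line(log_line, methods=("POST",)):
    """Return a finding dict if the request line's version token is malformed, else None."""
    m = LOG_RE.match(log_line)
    if not m:
        return None
    # Split into at most three fields so that everything after the target,
    # embedded spaces included, is treated as the version token.
    parts = m.group("req").split(" ", 2)
    if len(parts) < 3:
        return None  # no version token present (HTTP/0.9 style or truncated entry)
    method, _target, version = parts
    if methods is not None and method not in methods:
        return None
    if VERSION_RE.fullmatch(version):
        return None
    return {
        "src": m.group("src"),
        "method": method,
        "status": m.group("status"),
        "version_len": len(version),
        "reason": "overlong" if len(version) > 8 else "malformed",
    }

def scan(lines, methods=("POST",)):
    """Collect findings for every suspicious line in an iterable of log lines."""
    return [f for f in (inspect_line(line, methods) for line in lines) if f]

# Constructed sample entries (documentation addresses, filler characters only).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Aug/2008:10:00:00 +0000] "POST /app/login HTTP/1.1" 200 512',
    '192.0.2.77 - - [03/Aug/2008:10:00:05 +0000] "POST /app/login HTTP/1.1'
    + "X" * 400 + '" 400 226',
    '192.0.2.10 - - [03/Aug/2008:10:00:09 +0000] "GET /index.html HTTP/1.0" 200 1024',
    '192.0.2.10 - - [03/Aug/2008:10:00:12 +0000] "GET /" 200 1024',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Pass methods=None to scan() to flag malformed version tokens on any request method rather than POST only.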

Protection Overview
