Signature Detail
Short Name |
HTTP:WEBLOGIC:BEAPACHE |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
BEA Weblogic Apache Connector Buffer Overflow |
Release Date |
2008/07/31 |
Update Number |
1226 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: BEA Weblogic Apache Connector Buffer Overflow
This signature detects attempts to exploit a known vulnerability in BEA Weblogic Apache Connector. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Extended Description
Oracle mod_wl (formerly BEA mod_wl) is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Affected Products
- BEA Systems WebLogic Express 10.0
- BEA Systems WebLogic Express 6.1.0 SP 1
- BEA Systems WebLogic Express 6.1.0 SP 2
- BEA Systems WebLogic Express 6.1.0 SP 3
- BEA Systems WebLogic Express 6.1.0 SP 4
- BEA Systems WebLogic Express 6.1.0 SP 5
- BEA Systems WebLogic Express 6.1.0 SP 7
- BEA Systems WebLogic Express 7.0.0 .0.1 SP 1
- BEA Systems WebLogic Express 7.0.0 .0.1 SP 2
- BEA Systems WebLogic Express 7.0.0 .0.1 SP 3
- BEA Systems WebLogic Express 7.0.0 .0.1 SP 4
- BEA Systems WebLogic Express 7.0.0 SP 1
- BEA Systems WebLogic Express 7.0.0 SP 2
- BEA Systems WebLogic Express 7.0.0 SP 3
- BEA Systems WebLogic Express 7.0.0 SP 4
- BEA Systems WebLogic Express 7.0.0 SP 5
- BEA Systems WebLogic Express 7.0.0 SP 6
- BEA Systems WebLogic Express 7.0.0 SP 7
- BEA Systems WebLogic Express 8.1.0
- BEA Systems WebLogic Express 8.1.0 SP 1
- BEA Systems WebLogic Express 8.1.0 SP 2
- BEA Systems WebLogic Express 8.1.0 SP 3
- BEA Systems WebLogic Express 8.1.0 SP 4
- BEA Systems WebLogic Express 8.1.0 SP 5
- BEA Systems WebLogic Express 8.1.0 SP 6
- BEA Systems WebLogic Express 9.0
- BEA Systems WebLogic Express 9.1
- BEA Systems WebLogic Express 9.2
- BEA Systems Weblogic Server 10.0
- BEA Systems Weblogic Server 10.0 MP1
- BEA Systems Weblogic Server 6.1.0 SP 1
- BEA Systems Weblogic Server 6.1.0 SP 2
- BEA Systems Weblogic Server 6.1.0 SP 3
- BEA Systems Weblogic Server 6.1.0 SP 4
- BEA Systems Weblogic Server 6.1.0 SP 5
- BEA Systems Weblogic Server 6.1.0 SP 7
- BEA Systems Weblogic Server 7.0.0 SP 1
- BEA Systems Weblogic Server 7.0.0 SP 2
- BEA Systems Weblogic Server 7.0.0 SP 3
- BEA Systems Weblogic Server 7.0.0 SP 4
- BEA Systems Weblogic Server 7.0.0 SP 5
- BEA Systems Weblogic Server 7.0.0 SP 6
- BEA Systems Weblogic Server 7.0.0 SP 7
- BEA Systems Weblogic Server 8.1.0 SP 1
- BEA Systems Weblogic Server 8.1.0 SP 2
- BEA Systems Weblogic Server 8.1.0 SP 3
- BEA Systems Weblogic Server 8.1.0 SP 4
- BEA Systems Weblogic Server 8.1.0 SP 5
- BEA Systems Weblogic Server 8.1.0 SP 6
- BEA Systems Weblogic Server 9.0
- BEA Systems Weblogic Server 9.1
- BEA Systems Weblogic Server 9.2
- BEA Systems Weblogic Server 9.2 Maintenance Pack 3
- Oracle mod_wl
References
- BugTraq: 30273
- CVE: CVE-2008-3257