Signature Detail
Short Name |
SSL:BEA-WEBLOGIC-DOS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
SSL |
Keywords |
BEA WebLogic SSL Handling Denial of Service |
Release Date |
2014/05/02 |
Update Number |
2371 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SSL: BEA WebLogic SSL Handling Denial of Service
This signature detects attempts to exploit a known vulnerability against BEA WebLogic. A successful attack can result in a denial-of-service condition.
Extended Description
It is reported that WebLogic Server and WebLogic Express are affected by a remote denial of service vulnerability. Due to certain unspecified reasons, the server does not close connections properly, ultimately running out of sockets. WebLogic Server and WebLogic Express 8.1 SP2 and prior are vulnerable to this issue.
Affected Products
- BEA Systems WebLogic Express 8.1.0
- BEA Systems WebLogic Express 8.1.0 SP 1
- BEA Systems WebLogic Express 8.1.0 SP 2
- BEA Systems WebLogic Express 8.1.0 SP 3
- BEA Systems WebLogic Express 8.1.0 SP 4
- BEA Systems WebLogic Express for Win32 8.1.0
- BEA Systems WebLogic Express for Win32 8.1.0 SP 1
- BEA Systems WebLogic Express for Win32 8.1.0 SP 2
- BEA Systems WebLogic Express for Win32 8.1.0 SP 3
- BEA Systems WebLogic Express for Win32 8.1.0 SP 4
- BEA Systems Weblogic Server 8.1.0
- BEA Systems Weblogic Server 8.1.0 SP 1
- BEA Systems Weblogic Server 8.1.0 SP 2
- BEA Systems Weblogic Server 8.1.0 SP 3
- BEA Systems Weblogic Server 8.1.0 SP 4
- BEA Systems WebLogic Server for Win32 8.1.0
- BEA Systems WebLogic Server for Win32 8.1.0 SP 1
- BEA Systems WebLogic Server for Win32 8.1.0 SP 2
- BEA Systems WebLogic Server for Win32 8.1.0 SP 3
- BEA Systems WebLogic Server for Win32 8.1.0 SP 4
References
- BugTraq: 10544
- CVE: CVE-2004-2424