CVE-2008-3257

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
Configurations

Configuration 1

cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.5.2:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.2:mp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.5.2:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.0:sp3:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.0:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp12:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp11:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp8:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.0:ga:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:3.1.8:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.0:sp5:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.5.1:sp15:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.0:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp6:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.5:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:bea_systems:weblogic_server:10.0_mp1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp4:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp3:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.0:sp6:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp8:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp13:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp10:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp5:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp9:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.0:sp4:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp7:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.5.2:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.1:ga:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp7:*:*:*:*:*:*
cpe:2.3:a:bea_systems:apache_connector_in_weblogic_server:*:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:sp2:*:*:*:*:*:*

Information

Published : 2008-07-22 04:41

Updated : 2017-09-29 01:31


NVD link : CVE-2008-3257

Mitre link : CVE-2008-3257

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer