Description
A vulnerability has been identified in BEA WebLogic Server that attackers could exploit to cause a denial of service or take complete control of an affected system. The issue is caused by a buffer overflow in the Apache connector when it processes overly long POST requests; a specially crafted HTTP request can crash an affected server or execute arbitrary code.

Vulnerable Products
Vulnerable Software: BEA WebLogic Server versions 10.x and prior

Solution
Install the latest web server plug-in: ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/WLSWebServerPlugins1.0.1136334-Apache.zip

CVE
CVE-2008-3257

References
https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html

Vulnerability Manager Detection
No

IPS Protection