HTTP: Oracle BEA WebLogic Server Apache Connector Buffer Overflow

A buffer overflow vulnerability exists in the BEA WebLogic Server Apache Connector. The vulnerability is due to a boundary error in the Apache connector. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the target host. Successful exploitation results in a denial-of-service condition for Apache HTTP services on the target host. In an attack, the affected server terminates, and all established connections are terminated with it.

Extended Description

Oracle has released the January 2009 critical patch update. The update addresses 41 vulnerabilities affecting the following software:

Oracle Database

Oracle Secure Backup

Oracle TimesTen In-Memory Database

Oracle Application Server

Oracle Collaboration Suite

Oracle E-Business Suite Release

Oracle Enterprise Manager Grid Control

PeopleSoft Enterprise HRMS

JD Edwards Tools

Oracle WebLogic Server (formerly BEA WebLogic Server)

Oracle WebLogic Portal (formerly BEA WebLogic Portal)

Affected Products

Bea_systems weblogic_server

References

BugTraq: 33177

CVE: CVE-2008-5457

Short Name
HTTP:WEBLOGIC:BEA-CONN-BOF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apache BEA Buffer CVE-2008-5457 Connector Oracle Overflow Server WebLogic bid:33177
Release Date
10/19/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Oracle

Bea_systems

CVSS Score

10.0
