CVE-2008-3257

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
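
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 10 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
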
EPSS Score percentile: 98%

| Vendor | Product | Version |
|---|---|---|
| bea | weblogic_server | 3.1.8 |
| bea | weblogic_server | 4.0 |
| bea | weblogic_server | 4.0.4 |
| bea | weblogic_server | 4.5 |
| bea | weblogic_server | 4.5.1 |
| bea | weblogic_server | 4.5.1:sp15 |
| bea | weblogic_server | 4.5.2 |
| bea | weblogic_server | 4.5.2:sp1 |
| bea | weblogic_server | 4.5.2:sp2 |
| bea | weblogic_server | 5.1 |
| bea | weblogic_server | 5.1:sp1 |
| bea | weblogic_server | 5.1:sp10 |
| bea | weblogic_server | 5.1:sp11 |
| bea | weblogic_server | 5.1:sp12 |
| bea | weblogic_server | 5.1:sp13 |
| bea | weblogic_server | 5.1:sp2 |
| bea | weblogic_server | 5.1:sp3 |
| bea | weblogic_server | 5.1:sp4 |
| bea | weblogic_server | 5.1:sp5 |
| bea | weblogic_server | 5.1:sp6 |
| bea | weblogic_server | 5.1:sp7 |
| bea | weblogic_server | 5.1:sp8 |
| bea | weblogic_server | 5.1:sp9 |
| bea | weblogic_server | 6.0 |
| bea | weblogic_server | 6.0:sp1 |
| bea | weblogic_server | 6.0:sp2 |
| bea | weblogic_server | 6.0:sp6 |
| bea | weblogic_server | 6.1 |
| bea | weblogic_server | 6.1:sp1 |
| bea | weblogic_server | 6.1:sp2 |
| bea | weblogic_server | 6.1:sp3 |
| bea | weblogic_server | 6.1:sp4 |
| bea | weblogic_server | 6.1:sp5 |
| bea | weblogic_server | 6.1:sp6 |
| bea | weblogic_server | 6.1:sp7 |
| bea | weblogic_server | 6.1:sp8 |
| bea | weblogic_server | 7.0 |
| bea | weblogic_server | 7.0:sp1 |
| bea | weblogic_server | 7.0:sp2 |
| bea | weblogic_server | 7.0:sp3 |
| bea | weblogic_server | 7.0:sp4 |
| bea | weblogic_server | 7.0:sp5 |
| bea | weblogic_server | 7.0:sp6 |
| bea | weblogic_server | 7.0:sp7 |
| bea | weblogic_server | 7.0.0.1 |
| bea | weblogic_server | 7.0.0.1:sp1 |
| bea | weblogic_server | 7.0.0.1:sp2 |
| bea | weblogic_server | 7.0.0.1:sp3 |
| bea | weblogic_server | 7.0.0.1:sp4 |
| bea | weblogic_server | 8.1 |
| bea | weblogic_server | 8.1:sp1 |
| bea | weblogic_server | 8.1:sp2 |
| bea | weblogic_server | 8.1:sp3 |
| bea | weblogic_server | 8.1:sp4 |
| bea | weblogic_server | 8.1:sp5 |
| bea | weblogic_server | 8.1:sp6 |
| bea | weblogic_server | 9.0 |
| bea | weblogic_server | 9.0:ga |
| bea | weblogic_server | 9.0:sp1 |
| bea | weblogic_server | 9.0:sp2 |
| bea | weblogic_server | 9.0:sp3 |
| bea | weblogic_server | 9.0:sp4 |
| bea | weblogic_server | 9.0:sp5 |
| bea | weblogic_server | 9.1 |
| bea | weblogic_server | 9.1:ga |
| bea | weblogic_server | 9.2 |
| bea | weblogic_server | 9.2:mp1 |
| bea | weblogic_server | 9.2:mp2 |
| bea | weblogic_server | 10.0 |
| bea_systems | apache_connector_in_weblogic_server | * |
| bea_systems | weblogic_server | 10.0_mp1:_mp1 |
| oracle | weblogic_server | 𝑥 ≤ 10.3 |

𝑥 = Vulnerable software versions