CVE-2008-4008

Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
oracleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
oraclebea_product_suite
6.1:sp7
oraclebea_product_suite
7.0:sp7
oraclebea_product_suite
8.1:sp6
oraclebea_product_suite
9.0
oraclebea_product_suite
9.1
oraclebea_product_suite
9.2:mp3
oraclebea_product_suite
10.0:mp1
oraclebea_product_suite
10.3
𝑥
= Vulnerable software versions
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=751
http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html
http://www.securitytracker.com/id?1021056
http://www.vupen.com/english/advisories/2008/2825
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=751
http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html
http://www.securitytracker.com/id?1021056
http://www.vupen.com/english/advisories/2008/2825