10

CVE-2008-3257

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

Data is provided by the National Vulnerability Database (NVD)
BeaWeblogic Server Version3.1.8
BeaWeblogic Server Version4.0
BeaWeblogic Server Version4.0.4
BeaWeblogic Server Version4.5
BeaWeblogic Server Version4.5.1
BeaWeblogic Server Version4.5.1 Updatesp15
BeaWeblogic Server Version4.5.2
BeaWeblogic Server Version4.5.2 Updatesp1
BeaWeblogic Server Version4.5.2 Updatesp2
BeaWeblogic Server Version5.1
BeaWeblogic Server Version5.1 Updatesp1
BeaWeblogic Server Version5.1 Updatesp10
BeaWeblogic Server Version5.1 Updatesp11
BeaWeblogic Server Version5.1 Updatesp12
BeaWeblogic Server Version5.1 Updatesp13
BeaWeblogic Server Version5.1 Updatesp2
BeaWeblogic Server Version5.1 Updatesp3
BeaWeblogic Server Version5.1 Updatesp4
BeaWeblogic Server Version5.1 Updatesp5
BeaWeblogic Server Version5.1 Updatesp6
BeaWeblogic Server Version5.1 Updatesp7
BeaWeblogic Server Version5.1 Updatesp8
BeaWeblogic Server Version5.1 Updatesp9
BeaWeblogic Server Version6.0
BeaWeblogic Server Version6.0 Updatesp1
BeaWeblogic Server Version6.0 Updatesp2
BeaWeblogic Server Version6.0 Updatesp6
BeaWeblogic Server Version6.1
BeaWeblogic Server Version6.1 Updatesp1
BeaWeblogic Server Version6.1 Updatesp2
BeaWeblogic Server Version6.1 Updatesp3
BeaWeblogic Server Version6.1 Updatesp4
BeaWeblogic Server Version6.1 Updatesp5
BeaWeblogic Server Version6.1 Updatesp6
BeaWeblogic Server Version6.1 Updatesp7
BeaWeblogic Server Version6.1 Updatesp8
BeaWeblogic Server Version7.0
BeaWeblogic Server Version7.0 Updatesp1
BeaWeblogic Server Version7.0 Updatesp2
BeaWeblogic Server Version7.0 Updatesp3
BeaWeblogic Server Version7.0 Updatesp4
BeaWeblogic Server Version7.0 Updatesp5
BeaWeblogic Server Version7.0 Updatesp6
BeaWeblogic Server Version7.0 Updatesp7
BeaWeblogic Server Version7.0.0.1
BeaWeblogic Server Version7.0.0.1 Updatesp1
BeaWeblogic Server Version7.0.0.1 Updatesp2
BeaWeblogic Server Version7.0.0.1 Updatesp3
BeaWeblogic Server Version7.0.0.1 Updatesp4
BeaWeblogic Server Version8.1
BeaWeblogic Server Version8.1 Updatesp1
BeaWeblogic Server Version8.1 Updatesp2
BeaWeblogic Server Version8.1 Updatesp3
BeaWeblogic Server Version8.1 Updatesp4
BeaWeblogic Server Version8.1 Updatesp5
BeaWeblogic Server Version8.1 Updatesp6
BeaWeblogic Server Version9.0
BeaWeblogic Server Version9.0 Updatega
BeaWeblogic Server Version9.0 Updatesp1
BeaWeblogic Server Version9.0 Updatesp2
BeaWeblogic Server Version9.0 Updatesp3
BeaWeblogic Server Version9.0 Updatesp4
BeaWeblogic Server Version9.0 Updatesp5
BeaWeblogic Server Version9.1
BeaWeblogic Server Version9.1 Updatega
BeaWeblogic Server Version9.2
BeaWeblogic Server Version9.2 Updatemp1
BeaWeblogic Server Version9.2 Updatemp2
BeaWeblogic Server Version10.0
Bea SystemsWeblogic Server Version10.0_mp1
OracleWeblogic Server Version <= 10.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 78.22% 0.989
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.