ID CVE-2008-4008
Summary Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:bea_product_suite:6.1:sp7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 23-10-2012 - 02:53)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html
idefense 20081029 Oracle WebLogic Apache Connector
sectrack 1021056
vupen ADV-2008-2825
saint via4
bid 31683
description Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow
id web_dev_weblogicapachever
osvdb 49283
title weblogic_apache_connector_transfer_encoding
type remote
Last major update 23-10-2012 - 02:53
Published 14-10-2008 - 21:11
Last modified 23-10-2012 - 02:53