J-Security Center

Title: Oracle mod_wl HTTP POST Request Remote Buffer Overflow Vulnerability

Severity: HIGH

Description:

Oracle mod_wl (formerly known as BEA mod_wl) is a plugin module that allows requests to be proxied from an Apache HTTP Server to a WebLogic Server.

Oracle mod_wl is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Specifically, the application fails to handle excessively large amounts of data passed in an HTTP POST request.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Affected Products:

  • BEA Systems WebLogic Express 10.0
  • BEA Systems WebLogic Express 6.1.0 SP 1
  • BEA Systems WebLogic Express 6.1.0 SP 2
  • BEA Systems WebLogic Express 6.1.0 SP 3
  • BEA Systems WebLogic Express 6.1.0 SP 4
  • BEA Systems WebLogic Express 6.1.0 SP 5
  • BEA Systems WebLogic Express 6.1.0 SP 7
  • BEA Systems WebLogic Express 7.0.0 .0.1 SP 1
  • BEA Systems WebLogic Express 7.0.0 .0.1 SP 2
  • BEA Systems WebLogic Express 7.0.0 .0.1 SP 3
  • BEA Systems WebLogic Express 7.0.0 .0.1 SP 4
  • BEA Systems WebLogic Express 7.0.0 SP 1
  • BEA Systems WebLogic Express 7.0.0 SP 2
  • BEA Systems WebLogic Express 7.0.0 SP 3
  • BEA Systems WebLogic Express 7.0.0 SP 4
  • BEA Systems WebLogic Express 7.0.0 SP 5
  • BEA Systems WebLogic Express 7.0.0 SP 6
  • BEA Systems WebLogic Express 7.0.0 SP 7
  • BEA Systems WebLogic Express 8.1.0
  • BEA Systems WebLogic Express 8.1.0 SP 1
  • BEA Systems WebLogic Express 8.1.0 SP 2
  • BEA Systems WebLogic Express 8.1.0 SP 3
  • BEA Systems WebLogic Express 8.1.0 SP 4
  • BEA Systems WebLogic Express 8.1.0 SP 5
  • BEA Systems WebLogic Express 8.1.0 SP 6
  • BEA Systems WebLogic Express 9.0
  • BEA Systems WebLogic Express 9.1
  • BEA Systems WebLogic Express 9.2
  • BEA Systems Weblogic Server 10.0
  • BEA Systems Weblogic Server 10.0 MP1
  • BEA Systems Weblogic Server 6.1.0 SP 1
  • BEA Systems Weblogic Server 6.1.0 SP 2
  • BEA Systems Weblogic Server 6.1.0 SP 3
  • BEA Systems Weblogic Server 6.1.0 SP 4
  • BEA Systems Weblogic Server 6.1.0 SP 5
  • BEA Systems Weblogic Server 6.1.0 SP 7
  • BEA Systems Weblogic Server 7.0.0 SP 1
  • BEA Systems Weblogic Server 7.0.0 SP 2
  • BEA Systems Weblogic Server 7.0.0 SP 3
  • BEA Systems Weblogic Server 7.0.0 SP 4
  • BEA Systems Weblogic Server 7.0.0 SP 5
  • BEA Systems Weblogic Server 7.0.0 SP 6
  • BEA Systems Weblogic Server 7.0.0 SP 7
  • BEA Systems Weblogic Server 8.1.0 SP 1
  • BEA Systems Weblogic Server 8.1.0 SP 2
  • BEA Systems Weblogic Server 8.1.0 SP 3
  • BEA Systems Weblogic Server 8.1.0 SP 4
  • BEA Systems Weblogic Server 8.1.0 SP 5
  • BEA Systems Weblogic Server 8.1.0 SP 6
  • BEA Systems Weblogic Server 9.0
  • BEA Systems Weblogic Server 9.1
  • BEA Systems Weblogic Server 9.2
  • BEA Systems Weblogic Server 9.2 Maintenance Pack 3
  • Oracle mod_wl

References: