Description

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

Remediation

References

CVE-2008-3257

Related Vulnerabilities

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7827)

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Unspecified Vulnerability (2.6.21)

WordPress Plugin Quotes and Tips by BestWebSoft Cross-Site Scripting (1.32)

Telerik Web UI Deserialization of Untrusted Data Vulnerability (CVE-2019-18935)

Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-3888)

Severity

Critical

Classification

CVE-2008-3257 CWE-119

Tags

Missing Update Known Vulnerabilities