HIGH🇵🇱 Wersja polska

CVE-2008-3257

CVSS 10.0v2.0pub. 2008-07-22upd. 2026-04-23

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Bea Weblogic Server

    APP
    Bea
    10.03.1.84.04.0.44.54.5.14.5.25.16.06.17.07.0.0.18.19.09.1+ 1 więcej
  • Bea Systems Apache Connector In Weblogic Server

    APP
    Bea Systems
    wszystkie wersje
  • Bea Systems Weblogic Server

    APP
    Bea Systems
    10.0_mp1
  • Oracle Weblogic Server

    APP
    Oracle
    ≤ 10.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2020-14750CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supporte...

CVE-2020-14882CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supporte...

CVE-2020-14644CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported v...

CVE-2020-2883CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported v...