Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and previous versions allows remote malicious users to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 3.1.8 |
||
bea weblogic server 4.5.1 |
||
bea weblogic server 4.5.2 |
||
bea weblogic server 5.1 |
||
bea weblogic server 6.1 |
||
bea weblogic server 7.0.0.1 |
||
bea weblogic server 7.0 |
||
bea weblogic server 8.1 |
||
bea weblogic server 9.0 |
||
bea weblogic server 9.1 |
||
bea weblogic server 10.0 |
||
bea weblogic server 6.0 |
||
bea weblogic server 9.2 |
||
bea weblogic server 4.0 |
||
bea weblogic server 4.0.4 |
||
bea systems apache connector in weblogic server |
||
bea weblogic server 4.5 |
||
bea systems weblogic server 10.0_mp1 |
||
oracle weblogic server |