| Field | Value |
|---|---|
| VID | 22109 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | Servlet |
| Detailed Description | The WebLogic Server, according to its version number, appears to be vulnerable to a buffer overflow attack. BEA Systems WebLogic Server is an enterprise-level web and wireless application server. BEA WebLogic Server versions 5.1.0 SP6 and earlier are vulnerable to a buffer overflow attack. By sending an oversized URL beginning with a "dot dot" (..), a remote attacker can overflow the buffer and execute arbitrary code on the system with the privileges of the web server, or cause the server to crash. Note that this scanner relied solely on the version number of the WebLogic Server to assess this vulnerability, so this finding may be a false positive. References: http://online.securityfocus.com/bid/2138 and http://www.iss.net/security_center/static/5782.php |
| Recommendation | Upgrade to the latest version of BEA WebLogic Server (5.1.0 SP7 or later), available from the BEA WebLogic Download Page at: http://commerce.beasys.com/downloads/weblogic_server.jsp#wls |
| Related URL | CVE-2001-0098 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |