CyberSec.Space Logo
Back to CVE Browser

CVE-2008-3257

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0390%
EPSS Percentile4.35th
PublishedJul 22, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

Affected Platforms (CPE)

πŸ“¦
Bea

Weblogic Server

= 3.1.8
πŸ“¦
Bea

Weblogic Server

= 4.0
πŸ“¦
Bea

Weblogic Server

= 4.0.4
πŸ“¦
Bea

Weblogic Server

= 4.5
πŸ“¦
Bea

Weblogic Server

= 4.5.1
πŸ“¦
Bea

Weblogic Server

= 4.5.1
πŸ“¦
Bea

Weblogic Server

= 4.5.2
πŸ“¦
Bea

Weblogic Server

= 4.5.2
πŸ“¦
Bea

Weblogic Server

= 4.5.2
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 5.1
πŸ“¦
Bea

Weblogic Server

= 6.0
πŸ“¦
Bea

Weblogic Server

= 6.0
πŸ“¦
Bea

Weblogic Server

= 6.0
πŸ“¦
Bea

Weblogic Server

= 6.0
πŸ“¦
Bea

Weblogic Server

= 6.1
πŸ“¦
Bea

Weblogic Server

= 6.1
πŸ“¦
Bea

Weblogic Server

= 6.1
πŸ“¦
Bea

Weblogic Server

= 6.1
πŸ“¦
Bea

Weblogic Server

= 6.1
πŸ“¦
Bea

Weblogic Server

= 6.1
πŸ“¦
Bea

Weblogic Server

= 6.1
πŸ“¦
Bea

Weblogic Server

= 6.1
πŸ“¦
Bea

Weblogic Server

= 6.1
πŸ“¦
Bea

Weblogic Server

= 7.0
πŸ“¦
Bea

Weblogic Server

= 7.0
πŸ“¦
Bea

Weblogic Server

= 7.0
πŸ“¦
Bea

Weblogic Server

= 7.0
πŸ“¦
Bea

Weblogic Server

= 7.0
πŸ“¦
Bea

Weblogic Server

= 7.0
πŸ“¦
Bea

Weblogic Server

= 7.0
πŸ“¦
Bea

Weblogic Server

= 7.0
πŸ“¦
Bea

Weblogic Server

= 7.0.0.1
πŸ“¦
Bea

Weblogic Server

= 7.0.0.1
πŸ“¦
Bea

Weblogic Server

= 7.0.0.1
πŸ“¦
Bea

Weblogic Server

= 7.0.0.1
πŸ“¦
Bea

Weblogic Server

= 7.0.0.1
πŸ“¦
Bea

Weblogic Server

= 8.1
πŸ“¦
Bea

Weblogic Server

= 8.1
πŸ“¦
Bea

Weblogic Server

= 8.1
πŸ“¦
Bea

Weblogic Server

= 8.1
πŸ“¦
Bea

Weblogic Server

= 8.1
πŸ“¦
Bea

Weblogic Server

= 8.1
πŸ“¦
Bea

Weblogic Server

= 8.1
πŸ“¦
Bea

Weblogic Server

= 9.0
πŸ“¦
Bea

Weblogic Server

= 9.0
πŸ“¦
Bea

Weblogic Server

= 9.0
πŸ“¦
Bea

Weblogic Server

= 9.0
πŸ“¦
Bea

Weblogic Server

= 9.0
πŸ“¦
Bea

Weblogic Server

= 9.0
πŸ“¦
Bea

Weblogic Server

= 9.0
πŸ“¦
Bea

Weblogic Server

= 9.1
πŸ“¦
Bea

Weblogic Server

= 9.1
πŸ“¦
Bea

Weblogic Server

= 9.2
πŸ“¦
Bea

Weblogic Server

= 9.2
πŸ“¦
Bea

Weblogic Server

= 9.2
πŸ“¦
Bea

Weblogic Server

= 10.0
πŸ“¦
Bea Systems

Apache Connector In Weblogic Server

All versions
πŸ“¦
Bea Systems

Weblogic Server

= 10.0_mp1
πŸ“¦
Oracle

Weblogic Server

<= 10.3

References & Advisories

πŸ”— http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html
πŸ”— http://secunia.com/advisories/31146
πŸ”— http://www.attrition.org/pipermail/vim/2008-July/002035.html
πŸ”— http://www.attrition.org/pipermail/vim/2008-July/002036.html
πŸ”— http://www.kb.cert.org/vuls/id/716387
πŸ”— http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html
πŸ”— http://www.securityfocus.com/bid/30273
πŸ”— http://www.securitytracker.com/id?1020520

Related Vulnerabilities

CVE-2001-009810.0

Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begi...

CVE-2003-064010.0

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite use...

CVE-2000-068110.0

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .J...

CVE-2007-041710.0

BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm...