CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2008-3257

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0390%
EPSS Percentile4.35th
Published2008年7月22日
Last Modified2026年4月23日

Vulnerability Description

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

Affected Platforms (CPE)

📦
Bea

Weblogic Server

= 3.1.8
📦
Bea

Weblogic Server

= 4.0
📦
Bea

Weblogic Server

= 4.0.4
📦
Bea

Weblogic Server

= 4.5
📦
Bea

Weblogic Server

= 4.5.1
📦
Bea

Weblogic Server

= 4.5.1
📦
Bea

Weblogic Server

= 4.5.2
📦
Bea

Weblogic Server

= 4.5.2
📦
Bea

Weblogic Server

= 4.5.2
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 5.1
📦
Bea

Weblogic Server

= 6.0
📦
Bea

Weblogic Server

= 6.0
📦
Bea

Weblogic Server

= 6.0
📦
Bea

Weblogic Server

= 6.0
📦
Bea

Weblogic Server

= 6.1
📦
Bea

Weblogic Server

= 6.1
📦
Bea

Weblogic Server

= 6.1
📦
Bea

Weblogic Server

= 6.1
📦
Bea

Weblogic Server

= 6.1
📦
Bea

Weblogic Server

= 6.1
📦
Bea

Weblogic Server

= 6.1
📦
Bea

Weblogic Server

= 6.1
📦
Bea

Weblogic Server

= 6.1
📦
Bea

Weblogic Server

= 7.0
📦
Bea

Weblogic Server

= 7.0
📦
Bea

Weblogic Server

= 7.0
📦
Bea

Weblogic Server

= 7.0
📦
Bea

Weblogic Server

= 7.0
📦
Bea

Weblogic Server

= 7.0
📦
Bea

Weblogic Server

= 7.0
📦
Bea

Weblogic Server

= 7.0
📦
Bea

Weblogic Server

= 7.0.0.1
📦
Bea

Weblogic Server

= 7.0.0.1
📦
Bea

Weblogic Server

= 7.0.0.1
📦
Bea

Weblogic Server

= 7.0.0.1
📦
Bea

Weblogic Server

= 7.0.0.1
📦
Bea

Weblogic Server

= 8.1
📦
Bea

Weblogic Server

= 8.1
📦
Bea

Weblogic Server

= 8.1
📦
Bea

Weblogic Server

= 8.1
📦
Bea

Weblogic Server

= 8.1
📦
Bea

Weblogic Server

= 8.1
📦
Bea

Weblogic Server

= 8.1
📦
Bea

Weblogic Server

= 9.0
📦
Bea

Weblogic Server

= 9.0
📦
Bea

Weblogic Server

= 9.0
📦
Bea

Weblogic Server

= 9.0
📦
Bea

Weblogic Server

= 9.0
📦
Bea

Weblogic Server

= 9.0
📦
Bea

Weblogic Server

= 9.0
📦
Bea

Weblogic Server

= 9.1
📦
Bea

Weblogic Server

= 9.1
📦
Bea

Weblogic Server

= 9.2
📦
Bea

Weblogic Server

= 9.2
📦
Bea

Weblogic Server

= 9.2
📦
Bea

Weblogic Server

= 10.0
📦
Bea Systems

Apache Connector In Weblogic Server

All versions
📦
Bea Systems

Weblogic Server

= 10.0_mp1
📦
Oracle

Weblogic Server

<= 10.3

References & Advisories

🔗 http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html
🔗 http://secunia.com/advisories/31146
🔗 http://www.attrition.org/pipermail/vim/2008-July/002035.html
🔗 http://www.attrition.org/pipermail/vim/2008-July/002036.html
🔗 http://www.kb.cert.org/vuls/id/716387
🔗 http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html
🔗 http://www.securityfocus.com/bid/30273
🔗 http://www.securitytracker.com/id?1020520

相關漏洞威脅

CVE-2001-009810.0

Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begi...

CVE-2003-064010.0

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite use...

CVE-2000-068110.0

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .J...

CVE-2007-041710.0

BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm...