|
Full Disclosure
mailing list archives
Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow
From: VR-Subscription-noreply () assurent com
Date: Tue, 13 Jan 2009 21:36:36 -0500 (EST)
Oracle BEA WebLogic Server Apache Connector Buffer Overflow
Assurent ID: FSC20090113-10
1. Affected Software
Oracle WebLogic Server 10.3
Oracle WebLogic Server 10.0 released through MP1
Oracle WebLogic Server 9.2 released through MP3
Oracle WebLogic Server 9.1
Oracle WebLogic Server 9.0
Oracle WebLogic Server 8.1 released through SP6
Oracle WebLogic Server 7.0 released through SP7
Reference: http://www.bea.com/weblogic/server/
2. Vulnerability Summary
A remotely exploitable vulnerability has been discovered in the Apache Connector component of Oracle BEA WebLogic
Server. Specifically, the vulnerability is due to a boundary error when processing incoming HTTP requests and can lead
to a buffer overflow condition. This boundary error can lead to a Denial of Service (DoS) condition for the Apache HTTP
server.
3. Vulnerability Analysis
A remote unauthenticated attacker can exploit the vulnerability by sending a malicious HTTP request to the target
system. A successful attack will result in a Denial of Service (DoS) condition for the Apache HTTP server, including
all Apache-negotiated HTTP traffic to the WebLogic Server.
4. Vulnerability Detection
Assurent has confirmed the vulnerability in:
Oracle WebLogic Server 10.3
Oracle WebLogic Server 10.0 released through MP1
Oracle WebLogic Server 9.2 released through MP3
Oracle WebLogic Server 9.1
Oracle WebLogic Server 9.0
Oracle WebLogic Server 8.1 released through SP6
Oracle WebLogic Server 7.0 released through SP7
5. Workaround
Apply the vendor patch, or limit access to the affected communication port for trusted hosts and networks only.
6. Vendor Response
Oracle has released a bulletin addressing this vulnerability.
Reference: https://support.bea.com/application_content/product_portlets/securityadvisories/2809.html
7. Disclosure Timeline
2008-11-05 Reported to vendor
2008-11-05 Initial vendor response
2009-01-13 Coordinated public disclosure
8. Credits
Vulnerability Research Team, Assurent Secure Technologies, a TELUS company
9. References
CVE: CVE-2008-5457
Vendor: Oracle - CPUJan2009 - CVE-2008-5457
10. About Assurent VRS
Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat Protection Programs (TPP) for
MSPs and enterprise security teams, help to eliminate the significant costs incurred by security product vendors, MSPs,
and enterprise security teams in responding to and managing critical new security vulnerabilities and other threats
including worm & virus outbreaks and other malware. The VRS and TPP services are real-time feeds providing subscribers
with detailed analysis of the top security vulnerabilities, focused on the specific needs of each group of customers.
http://www.assurent.com/index.php?id=17
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
