Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21159
HistoryJan 16, 2009 - 12:00 a.m.

Re: Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow

2009-01-1600:00:00
vulners.com
20
JSON

Hello Assurent & Oracle,

On Tue, 13 Jan 2009, [email protected] wrote:

: Oracle BEA WebLogic Server Apache Connector Buffer Overflow
:
: Reference: http://www.bea.com/weblogic/server/
:
: 2. Vulnerability Summary
:
: A remotely exploitable vulnerability has been discovered in the Apache
: Connector component of Oracle BEA WebLogic Server. Specifically, the
: vulnerability is due to a boundary error when processing incoming HTTP
: requests and can lead to a buffer overflow condition. This boundary
: error can lead to a Denial of Service (DoS) condition for the Apache
: HTTP server.
:
: 3. Vulnerability Analysis
:
: A remote unauthenticated attacker can exploit the vulnerability by
: sending a malicious HTTP request to the target system. A successful
: attack will result in a Denial of Service (DoS) condition for the Apache
: HTTP server, including all Apache-negotiated HTTP traffic to the
: WebLogic Server.

: Reference:
https://support.bea.com/application_content/product_portlets/securityadvisories/2809.html

According to Assurent, this is a remote overflow that creates a DoS
condition. No mention of running arbitrary code.

Oracle's advisory says:

CVSS Severity Score: 10.0 (High)
Attack Range (AV): Network
Attack Complexity (AC): Low
Authentication Level (Au): None
Impact Type:Complete confidentiality, integrity and availability violation
Vulnerability Type: Denial of Service
CVSS Base Score Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

So it is a "Denial of Service" but results in a complete compromise of
confidentiality, integrity and availability. A 10.0 score typically means
remote, unauthenticated execution of attacker-controlled code. Which is
correct?

Further, Oracle's advisory says this affects "Security vulnerability in
WebLogic plug-ins for Apache, Sun and IIS Web servers", implying this
affects multiple plug-ins, not just the one for Apache. The advisory also
uses this wording further suggesting three separate plug-ins: "This
vulnerability may impact the availability, confidentiality or integrity of
WebLogic Server applications, which use the Apache, Sun or IIS web server
configured with the WebLogic plug-in for Apache, Sun or IIS respectively."

Is it really one plug-in that works with all three? Or does this only
affect an Apache plug-in?

JSON