This script is Copyright (C) 2008-2012 Tenable Network Security, Inc.
The remote web server uses a module that is affected by a buffer
The Apache web server running on the remote host includes a version of
the WebLogic plug-in for Apache (mod_wl) that is affected by a buffer
overflow. This is an Apache module included with Oracle (formerly BEA)
WebLogic Server and used to proxy requests from an Apache HTTP server
to WebLogic. A remote attacker can leverage this issue to execute
arbitrary code on the remote host.
Note that Nessus has not tried to exploit this issue but rather has
only checked the affected module's build timestamp. As a result, it
will not detect if the remote implements one of the workarounds
published by Oracle in its advisory. Still, it should be noted that
the vendor strongly recommends updating the plug-in.
Install the latest web server plug-in as described in the vendor
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 33932 ()
Bugtraq ID: 30273
CVE ID: CVE-2008-3257
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.