Oracle WebLogic Server mod_wl POST Request Remote Overflow

This script is Copyright (C) 2008-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server uses a module that is affected by a buffer
overflow vulnerability.

Description :

The Apache web server running on the remote host includes a version of
the WebLogic plug-in for Apache (mod_wl) that is affected by a buffer
overflow. This is an Apache module included with Oracle (formerly BEA)
WebLogic Server and used to proxy requests from an Apache HTTP server
to WebLogic. A remote attacker can leverage this issue to execute
arbitrary code on the remote host.

Note that Nessus has not tried to exploit this issue but rather has
only checked the affected module's build timestamp. As a result, it
will not detect whether the remote host has implemented one of the
workarounds published by Oracle in its advisory. Still, it should be
noted that the vendor strongly recommends updating the plug-in.

Solution :

Install the latest web server plug-in as described in the vendor
advisory above.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 33932

Bugtraq ID: 30273

CVE ID: CVE-2008-3257