This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.
The remote web server uses a module that is affected by an HTTP
The remote web server is using the WebLogic plug-in for Apache, IIS,
or Sun web servers, a module included with Oracle (formerly BEA)
WebLogic Server and used to proxy requests from an HTTP server to
The version of this plug-in on the remote host is affected by an HTTP
injection vulnerability because it fails to sanitize request headers
of special characters, such as new lines, before passing them to
WebLogic application servers.
An unauthenticated, remote attacker may be able to exploit this issue
to conduct a variety of attacks, such as trusted header injection and
HTTP request smuggling.
See also :
Apply the Oracle July 2010 Critical Patch Update (CPU).
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.3
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 47898 ()
Bugtraq ID: 41620
CVE ID: CVE-2010-2375
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.