Oracle WebLogic Server mod_wl POST Request Remote Overflow

critical Nessus Plugin ID 33932

Synopsis

The remote web server uses a module that is affected by a buffer overflow vulnerability.

Description

The Apache web server running on the remote host includes a version of the WebLogic plug-in for Apache (mod_wl) that is affected by a buffer overflow. This is an Apache module included with Oracle (formerly BEA) WebLogic Server and used to proxy requests from an Apache HTTP server to WebLogic. A remote attacker can leverage this issue to execute arbitrary code on the remote host.

Note that Nessus has not tried to exploit this issue but rather has only checked the affected module's build timestamp. As a result, it will not detect if the remote implements one of the workarounds published by Oracle in its advisory. Still, it should be noted that the vendor strongly recommends updating the plug-in.

Solution

Install the latest web server plug-in as described in the vendor advisory above.

Plugin Details

Severity: Critical

ID: 33932

File Name: weblogic_mod_wl_overflow.nasl

Version: 1.22

Type: remote

Family: Web Servers

Published: 8/18/2008

Updated: 8/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:oracle:weblogic_server

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Exploitable With

Core Impact

Metasploit (Oracle Weblogic Apache Connector POST Request Buffer Overflow)

Reference Information

CVE: CVE-2008-3257

BID: 30273

CWE: 119

CERT: 716387

Secunia: 31146