Oracle WebLogic Server mod_wl Invalid Parameter Remote Overflow (1150354)

critical Nessus Plugin ID 34781

Synopsis

The remote web server uses a module that is affected by a buffer overflow vulnerability.

Description

The remote web server is using the WebLogic plug-in for Apache (mod_wl), an Apache module included with Oracle (formerly BEA) WebLogic Server and used to proxy requests from an Apache HTTP server to WebLogic.

The version of this plug-in on the remote host is affected by a stack buffer overflow that is triggered when processing a request with an invalid parameter. An unauthenticated, remote attacker can leverage this issue to execute arbitrary code on the remote host.

Note that Nessus has not tried to exploit this issue but rather has only checked the affected module's build timestamp.

Solution

Install the latest web server plug-in as described in the vendor advisory above.

See Also

http://www.nessus.org/u?e539ff75

https://www.securityfocus.com/archive/1/497969/30/0/threaded

http://www.nessus.org/u?e1bbe3e7

Plugin Details

Severity: Critical

ID: 34781

File Name: weblogic_mod_wl_1150354.nasl

Version: 1.16

Type: remote

Family: Web Servers

Published: 11/16/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:oracle:weblogic_server

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Exploitable With

Metasploit (BEA Weblogic Transfer-Encoding Buffer Overflow)

Reference Information

CVE: CVE-2008-4008

BID: 31683, 31761