Oracle WebLogic Server mod_wl Invalid Parameter Remote Overflow (1150354)

Critical Nessus Plugin ID 34781

Synopsis

The remote web server uses a module that is affected by a buffer overflow vulnerability.

Description

The remote web server is using the WebLogic plug-in for Apache (mod_wl), an Apache module shipped with Oracle (formerly BEA) WebLogic Server that proxies requests from an Apache HTTP server to WebLogic.

The version of this plug-in on the remote host is affected by a stack-based buffer overflow that is triggered when the module processes a request carrying an invalid parameter (the Metasploit module listed under 'Exploitable With' targets the handling of an unrecognised Transfer-Encoding header). Because the module runs inside the Apache worker process, an unauthenticated, remote attacker can exploit this issue to execute arbitrary code on the web server host in the security context of the Apache process, without the request ever reaching WebLogic.

Note that Nessus has not attempted to exploit this issue; it has only checked the build timestamp reported by the affected module, so the finding should be confirmed against the plug-in version actually installed.
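The bug class described above, as an added illustration that is neither mod_wl's source code nor part of this plugin page: a hypothetical error-reporting routine that formats an unrecognised Transfer-Encoding value into a fixed-size stack buffer with an unbounded sprintf(), beside a hardened form that validates the token and formats with an explicit bound. The buffer size, the token limit, the message text and the sample values are assumptions constructed for the example; the overflow is computed arithmetically rather than executed so the program runs safely.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for illustration only; neither is mod_wl's real value. */
#define ERRBUF_SIZE   256   /* fixed stack buffer in the error-reporting path */
#define MAX_TE_VALUE   64   /* policy limit on a Transfer-Encoding coding name */

static const char PREFIX[] = "Unsupported Transfer-Encoding: ";

/* Vulnerable pattern (hypothetical):
 *     char buf[ERRBUF_SIZE];
 *     sprintf(buf, "%s%s", PREFIX, value);   // no bound on 'value'
 * Instead of performing that write, return the byte count sprintf() would
 * produce, including the terminating NUL. */
size_t vulnerable_report_len(const char *value)
{
    return strlen(PREFIX) + strlen(value) + 1;
}

/* 1 if the unbounded sprintf() above would run past the stack buffer. */
int vulnerable_would_overflow(const char *value)
{
    return vulnerable_report_len(value) > ERRBUF_SIZE;
}

/* Hardened form: reject anything that is not a plausible HTTP token of
 * bounded length before it reaches formatting code, then format with an
 * explicit bound and treat truncation as an error. Returns 0 on success,
 * -1 if the value was rejected (the caller should answer with a 400/501
 * without echoing the raw value). */
int hardened_report(char *out, size_t outsz, const char *value)
{
    size_t n = strlen(value);
    if (n == 0 || n > MAX_TE_VALUE)
        return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)value[i];
        /* Coding names are HTTP tokens; a conservative subset is enough here. */
        if (!isalnum(c) && c != '-' && c != '_' && c != '.')
            return -1;
    }
    int w = snprintf(out, outsz, "%s%s", PREFIX, value);
    if (w < 0 || (size_t)w >= outsz)
        return -1;              /* would have been truncated: refuse, do not guess */
    return 0;
}

/* Convenience wrapper: format into a static buffer; NULL means rejected. */
const char *hardened_report_text(const char *value)
{
    static char out[ERRBUF_SIZE];
    return hardened_report(out, sizeof out, value) == 0 ? out : NULL;
}

/* Constructed sample: a 1023-byte coding name standing in for the oversized
 * header an exploit would send. Not captured traffic. */
const char *sample_oversized_value(void)
{
    static char buf[1024];
    memset(buf, 'A', sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    return buf;
}

int main(void)
{
    /* Constructed inputs: a well-formed but unknown coding, a malformed one,
     * and the oversized value. */
    const char *samples[] = { "gzipp", "chunked; evil", sample_oversized_value() };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *v = samples[i];
        const char *txt = hardened_report_text(v);
        printf("value length %4zu: sprintf needs %4zu bytes, overflow=%d, hardened=%s\n",
               strlen(v), vulnerable_report_len(v), vulnerable_would_overflow(v),
               txt ? txt : "rejected");
    }
    return 0;
}
```

The point of the hardened form is that the length check happens on the raw header before any formatting, and that snprintf() truncation is treated as a rejection rather than silently producing a shorter message; a bound alone, with the truncated value still echoed back, would hide the problem instead of fixing it.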

Solution

Upgrade to the latest version of the WebLogic web server plug-in as described in the vendor advisory.

See Also

Plugin Details

Severity: Critical

ID: 34781

File Name: weblogic_mod_wl_1150354.nasl

Version: 1.14

Type: remote

Family: Web Servers

Published: 2008/11/16

Modified: 2015/09/24

Dependencies: 10107

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:weblogic_server

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Exploitable With

Metasploit (BEA Weblogic Transfer-Encoding Buffer Overflow)

Reference Information

CVE: CVE-2008-4008

BID: 31683, 31761

OSVDB: 49283