Oracle WebLogic Server mod_wl Invalid Parameter Remote Overflow (1150354)
Critical Nessus Plugin ID 34781
Synopsis
The remote web server uses a module that is affected by a buffer overflow vulnerability.
Description
The remote web server is using the WebLogic plug-in for Apache (mod_wl), an Apache module included with Oracle (formerly BEA) WebLogic Server and used to proxy requests from an Apache HTTP server to WebLogic.
The version of this plug-in on the remote host is affected by a stack buffer overflow that is triggered when processing a request with an invalid parameter. An unauthenticated, remote attacker can leverage this issue to execute arbitrary code on the remote host.
Note that Nessus has not tried to exploit this issue but rather has only checked the affected module's build timestamp.
Solution
Install the latest web server plug-in as described in the vendor advisory above.