Vulnerability Database

CVE-2008-3257

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

  • Published: Jul 22, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-3257
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

| Software | From | Fixed in |
| --- | --- | --- |
| bea / weblogic_server | 7.0.0.1-sp4 | 7.0.0.1-sp4.x |
| bea / weblogic_server | 6.1-sp4 | 6.1-sp4.x |
| bea / weblogic_server | 4.5.2-sp1 | 4.5.2-sp1.x |
| bea / weblogic_server | 4.5.1 | 4.5.1.x |
| bea / weblogic_server | 7.0-sp7 | 7.0-sp7.x |
| bea / weblogic_server | 9.2-mp2 | 9.2-mp2.x |
| bea / weblogic_server | 8.1 | 8.1.x |
| bea / weblogic_server | 6.1-sp5 | 6.1-sp5.x |
| bea / weblogic_server | 4.5.2 | 4.5.2.x |
| bea / weblogic_server | 9.0 | 9.0.x |
| bea / weblogic_server | 9.2 | 9.2.x |
| bea / weblogic_server | 6.1-sp6 | 6.1-sp6.x |
| bea / weblogic_server | 7.0-sp4 | 7.0-sp4.x |
| bea / weblogic_server | 9.0-sp3 | 9.0-sp3.x |
| bea / weblogic_server | 7.0 | 7.0.x |
| bea / weblogic_server | 9.0-sp1 | 9.0-sp1.x |
| bea / weblogic_server | 7.0.0.1-sp1 | 7.0.0.1-sp1.x |
| bea / weblogic_server | 6.0-sp2 | 6.0-sp2.x |
| bea / weblogic_server | 5.1-sp12 | 5.1-sp12.x |
| bea / weblogic_server | 5.1-sp11 | 5.1-sp11.x |
| bea / weblogic_server | 5.1 | 5.1.x |
| bea / weblogic_server | 6.1-sp3 | 6.1-sp3.x |
| oracle / weblogic_server | - | 10.3.x |
| bea / weblogic_server | 5.1-sp1 | 5.1-sp1.x |
| bea / weblogic_server | 6.1-sp8 | 6.1-sp8.x |
| bea / weblogic_server | 7.0-sp6 | 7.0-sp6.x |
| bea / weblogic_server | 7.0-sp3 | 7.0-sp3.x |
| bea / weblogic_server | 8.1-sp5 | 8.1-sp5.x |
| bea / weblogic_server | 8.1-sp3 | 8.1-sp3.x |
| bea / weblogic_server | 7.0-sp2 | 7.0-sp2.x |
| bea / weblogic_server | 9.0-ga | 9.0-ga.x |
| bea / weblogic_server | 3.1.8 | 3.1.8.x |
| bea / weblogic_server | 9.0-sp5 | 9.0-sp5.x |
| bea / weblogic_server | 4.5.1-sp15 | 4.5.1-sp15.x |
| bea / weblogic_server | 9.0-sp2 | 9.0-sp2.x |
| bea / weblogic_server | 5.1-sp6 | 5.1-sp6.x |
| bea / weblogic_server | 4.5 | 4.5.x |
| bea / weblogic_server | 7.0-sp5 | 7.0-sp5.x |
| bea / weblogic_server | 9.1 | 9.1.x |
| bea / weblogic_server | 6.1-sp1 | 6.1-sp1.x |
| bea / weblogic_server | 10.0 | 10.0.x |
| bea / weblogic_server | 6.0 | 6.0.x |
| bea_systems / weblogic_server | 10.0_mp1 | 10.0_mp1.x |
| bea / weblogic_server | 9.2-mp1 | 9.2-mp1.x |
| bea / weblogic_server | 5.1-sp4 | 5.1-sp4.x |
| bea / weblogic_server | 5.1-sp3 | 5.1-sp3.x |
| bea / weblogic_server | 6.0-sp6 | 6.0-sp6.x |
| bea / weblogic_server | 5.1-sp8 | 5.1-sp8.x |
| bea / weblogic_server | 8.1-sp2 | 8.1-sp2.x |
| bea / weblogic_server | 5.1-sp13 | 5.1-sp13.x |
| bea / weblogic_server | 5.1-sp10 | 5.1-sp10.x |
| bea / weblogic_server | 6.1 | 6.1.x |
| bea / weblogic_server | 6.0-sp1 | 6.0-sp1.x |
| bea / weblogic_server | 7.0.0.1 | 7.0.0.1.x |
| bea / weblogic_server | 5.1-sp5 | 5.1-sp5.x |
| bea / weblogic_server | 5.1-sp9 | 5.1-sp9.x |
| bea / weblogic_server | 7.0-sp1 | 7.0-sp1.x |
| bea / weblogic_server | 7.0.0.1-sp2 | 7.0.0.1-sp2.x |
| bea / weblogic_server | 8.1-sp6 | 8.1-sp6.x |
| bea / weblogic_server | 4.0.4 | 4.0.4.x |
| bea / weblogic_server | 8.1-sp1 | 8.1-sp1.x |
| bea / weblogic_server | 8.1-sp4 | 8.1-sp4.x |
| bea / weblogic_server | 6.1-sp2 | 6.1-sp2.x |
| bea / weblogic_server | 9.0-sp4 | 9.0-sp4.x |
| bea / weblogic_server | 6.1-sp7 | 6.1-sp7.x |
| bea / weblogic_server | 4.5.2-sp2 | 4.5.2-sp2.x |
| bea / weblogic_server | 9.1-ga | 9.1-ga.x |
| bea / weblogic_server | 7.0.0.1-sp3 | 7.0.0.1-sp3.x |
| bea / weblogic_server | 5.1-sp7 | 5.1-sp7.x |
| bea_systems / apache_connector_in_weblogic_server | - | - |
| bea / weblogic_server | 4.0 | 4.0.x |
| bea / weblogic_server | 5.1-sp2 | 5.1-sp2.x |