CVE-2008-3257

Oracle WebLogic Server <10.3 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-3257. PoCs published by Metasploit, kingcope, KingCope, juan vazquez, including Metasploit module exploits/windows/http/bea_weblogic_post_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in the BEA WebLogic Apache plugin (CVE-2008-3257) via a crafted HTTP POST request. It includes version fingerprinting and targets specific Windows systems without DEP.

Description

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18897

This Metasploit module exploits a stack-based buffer overflow in the BEA WebLogic Apache plugin (CVE-2008-3257) via a crafted HTTP POST request. It includes version fingerprinting and targets specific Windows systems without DEP.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: BEA WebLogic Apache Connector (mod_wl_20.so) versions 8.1 SP4, SP5, SP6
No auth needed
Prerequisites: Target must be running vulnerable BEA WebLogic Apache Connector on Windows without DEP
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by kingcope · perlremotewindows
https://www.exploit-db.com/exploits/6089

This exploit targets a vulnerability in the Bea Weblogic Apache Connector, allowing remote command execution on Windows Server 2003 SP2 via a stack-based buffer overflow. It also includes a DoS module for the Apache frontend.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Bea Weblogic Apache Connector (version not specified)
No auth needed
Prerequisites: Network access to the target · Target running vulnerable Bea Weblogic Apache Connector
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by KingCope, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/bea_weblogic_post_bof.rb

This Metasploit module exploits a stack-based buffer overflow in the BEA WebLogic Apache plugin (CVE-2008-3257) via a crafted HTTP POST request. It includes fingerprinting for vulnerable versions and targets Windows systems without DEP.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: BEA WebLogic Apache Connector (mod_wl_20.so) versions 8.1 SP4/SP5/SP6
No auth needed
Prerequisites: Network access to the target WebLogic server · Vulnerable version of mod_wl_20.so
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2008-July/002035.html
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2008-July/002036.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6089
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31146
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30273
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020520
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43885
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/716387
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2145/references

Scores

EPSS 0.8359
EPSS Percentile 99.7%

Details

CWE
CWE-119
Status published
Products (12)
bea/weblogic_server 3.1.8
bea/weblogic_server 4.0
bea/weblogic_server 4.0.4
bea/weblogic_server 4.5
bea/weblogic_server 4.5.1 (2 CPE variants)
bea/weblogic_server 4.5.2 (3 CPE variants)
bea/weblogic_server 5.1 (14 CPE variants)
bea/weblogic_server 6.0 (4 CPE variants)
bea/weblogic_server 6.1 (9 CPE variants)
bea/weblogic_server 7.0 (8 CPE variants)
... and 2 more
Published Jul 22, 2008
Tracked Since Feb 18, 2026