CVE-2008-3257
Oracle WebLogic Server <10.3 - Buffer Overflow
Title source: llmDescription
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18897
exploitdb
WORKING POC
VERIFIED
by kingcope · perlremotewindows
https://www.exploit-db.com/exploits/6089
metasploit
WORKING POC
GREAT
by KingCope, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/bea_weblogic_post_bof.rb
References (12)
Scores
EPSS
0.8078
EPSS Percentile
99.2%
Details
CWE
CWE-119
Status
published
Products (12)
bea/weblogic_server
3.1.8
bea/weblogic_server
4.0
bea/weblogic_server
4.0.4
bea/weblogic_server
4.5
bea/weblogic_server
4.5.1 (2 CPE variants)
bea/weblogic_server
4.5.2 (3 CPE variants)
bea/weblogic_server
5.1 (14 CPE variants)
bea/weblogic_server
6.0 (4 CPE variants)
bea/weblogic_server
6.1 (9 CPE variants)
bea/weblogic_server
7.0 (8 CPE variants)
... and 2 more
Published
Jul 22, 2008
Tracked Since
Feb 18, 2026