CVE-2008-3257

Oracle WebLogic Server <10.3 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

Exploits (3)

exploitdb WORKING POC VERIFIED
by kingcope · perlremotewindows
https://www.exploit-db.com/exploits/6089
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18897
metasploit WORKING POC GREAT
by KingCope, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/bea_weblogic_post_bof.rb

References (12)

Scores

EPSS 0.8078
EPSS Percentile 99.1%

Classification

CWE
CWE-119
Status draft

Affected Products (50)

bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
... and 35 more

Timeline

Published Jul 22, 2008
Tracked Since Feb 18, 2026