CVE-2008-4008

BEA Product Suite - Unspecified Vuln

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-4008. PoCs published by Metasploit, including Metasploit module exploits/windows/http/bea_weblogic_transfer_encoding.

AI-analyzed exploit summary This exploit targets a stack-based buffer overflow in the BEA Weblogic Apache plugin via a malformed Transfer-Encoding header. It uses SEH overwrites and a reverse shell payload to achieve remote code execution.

Description

Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16796

View Code ZIP pw:eip

This exploit targets a stack-based buffer overflow in the BEA Weblogic Apache plugin via a malformed Transfer-Encoding header. It uses SEH overwrites and a reverse shell payload to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BEA Weblogic Apache plugin (versions affected by CVE-2008-4008)

No auth needed

Prerequisites: Network access to the target Weblogic server · Apache plugin configured with Weblogic

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/bea_weblogic_transfer_encoding.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in the BEA WebLogic Apache plugin via a malformed Transfer-Encoding header. It uses SEH overwrites and a reverse shell payload to achieve remote code execution on Windows systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BEA WebLogic Apache plugin (versions affected by CVE-2008-4008)

No auth needed

Prerequisites: Network access to the target WebLogic server · Apache plugin with vulnerable Transfer-Encoding handling

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html

Third Party Advisory third-party-advisory x_refsource_idefense

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=751

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1021056

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2825

Scores

EPSS 0.5627

EPSS Percentile 98.9%

Details

Status published

Products (8)

oracle/bea_product_suite 6.1 sp7

oracle/bea_product_suite 7.0 sp7

oracle/bea_product_suite 8.1 sp6

oracle/bea_product_suite 9.0

oracle/bea_product_suite 9.1

oracle/bea_product_suite 9.2 mp3

oracle/bea_product_suite 10.0 mp1

oracle/bea_product_suite 10.3

Published Oct 14, 2008

Tracked Since Feb 18, 2026