CVE-2008-5457

BEA Product Suite - Info Disclosure

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-5457. PoCs have been published by Metasploit and Guido Landi, including the Metasploit module exploits/windows/http/bea_weblogic_jsessionid.

AI-analyzed exploit summary: This exploit targets a buffer overflow in BEA WebLogic's plugin when clustering is configured. It leverages a long JSESSIONID cookie value to achieve arbitrary code execution via a SEH-based exploit.

Description

Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16762

This exploit targets a buffer overflow in BEA WebLogic's plugin when clustering is configured. It leverages a long JSESSIONID cookie value to achieve arbitrary code execution via a SEH-based exploit.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BEA WebLogic plugin (versions 1.0.1136334 and 1.0.1150354)
No auth needed
Prerequisites: WebLogic clustering configured · Access to the target server's HTTP port (default 80)
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Guido Landi · perl · remote · windows
https://www.exploit-db.com/exploits/8336

This exploit targets a buffer overflow vulnerability in a JSP application (CVE-2008-5457) by sending a maliciously crafted POST request with a long JSESSIONID parameter containing shellcode. It achieves remote code execution by overwriting the SEH and triggering a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Unknown JSP application (likely a web server or framework)
No auth needed
Prerequisites: Network access to the target · Vulnerable JSP application exposed on port 80
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · GOOD
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/bea_weblogic_jsessionid.rb

This Metasploit module exploits a buffer overflow in BEA WebLogic's plugin via a maliciously crafted JSESSIONID cookie. It targets specific versions of the WebLogic module on Windows Apache 2.2, achieving remote code execution through SEH overwrites.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BEA WebLogic plugin for Apache 2.2 (versions 1.0.1136334 and 1.0.1150354)
No auth needed
Prerequisites: WebLogic clustering configured · Target running vulnerable WebLogic module version
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33526
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0115
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021571
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33177

Scores

EPSS 0.6131
EPSS Percentile 99.0%

Details

Status published
Products (7)
oracle/bea_product_suite 7.0 sp7
oracle/bea_product_suite 8.1 sp6
oracle/bea_product_suite 9.0
oracle/bea_product_suite 9.1
oracle/bea_product_suite 9.2 mp3
oracle/bea_product_suite 10.0 mp1
oracle/bea_product_suite 10.3
Published Jan 14, 2009
Tracked Since Feb 18, 2026