Vulnerability CVE-2008-3257 - CERT Civis.Net

Vulnerability Name:

CVE-2008-3257 (CCN-43885)

Assigned:

2008-07-17

Published:

2008-07-17

Updated:

2017-09-29

Summary:

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CONFIRM
Type: UNKNOWN
http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html

Source: MITRE
Type: CNA
CVE-2008-3257

Source: CCN
Type: IBM Internet Security Systems Protection Alert - August 1, 2008
Oracle WebLogic Server Apache Connector Remote Code Execution

Source: CCN
Type: SA31146
Oracle WebLogic Server Apache Connector Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
31146

Source: CCN
Type: SECTRACK ID: 1020520
Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2008-322
Oracle Security Alert for CVE-2008-3257

Source: VIM
Type: UNKNOWN
20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC

Source: VIM
Type: UNKNOWN
20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC

Source: CCN
Type: BEA Web site
BEA WebLogic Server

Source: CCN
Type: US-CERT VU#716387
Oracle Weblogic Apache connector vulnerable to buffer overflow

Source: CERT-VN
Type: US Government Resource
VU#716387

Source: CCN
Type: Oracle Security Alert for CVE-2008-3257
Alert_CVE-2008-3257

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html

Source: CCN
Type: OSVDB ID: 47096
Oracle Weblogic Apache Connector POST Request Overflow

Source: BID
Type: UNKNOWN
30273

Source: CCN
Type: BID-30273
Oracle mod_wl HTTP POST Request Remote Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020520

Source: VUPEN
Type: UNKNOWN
ADV-2008-2145

Source: XF
Type: UNKNOWN
oracle-weblogic-apacheconnector-bo(43885)

Source: XF
Type: UNKNOWN
oracle-weblogic-apacheconnector-bo(43885)

Source: CCN
Type: BEA Security Advisory (CVE-2008-3257)
Security vulnerability in WebLogic plug-in for Apache

Source: CONFIRM
Type: UNKNOWN
https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [05-19-2012]

Source: EXPLOIT-DB
Type: UNKNOWN
6089

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [07-17-2008]
Oracle Weblogic Apache Connector POST Request Buffer Overflow

Vulnerable Configuration:

Configuration 1:

cpe:/a:bea:weblogic_server:3.1.8:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:4.0:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:4.5:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:4.5.1:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:4.5.1:sp15:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:4.5.2:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:4.5.2:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:4.5.2:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp10:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp11:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp12:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp13:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp3:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp4:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp5:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp6:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp7:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp8:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:5.1:sp9:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.0:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.0:sp6:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp7:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp8:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp3:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:9.0:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:9.0:ga:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:9.0:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:9.0:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:9.0:sp3:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:9.0:sp4:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:9.0:sp5:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:9.1:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:9.1:ga:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:9.2:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:9.2:mp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:10.0:*:*:*:*:*:*:*

OR cpe:/a:bea_systems:apache_connector_in_weblogic_server:*:*:*:*:*:*:*:*

OR cpe:/a:bea_systems:weblogic_server:10.0_mp1:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:*:*:*:*:*:*:*:* (Version <= 10.3)

Configuration CCN 1:

cpe:/a:oracle:weblogic_server:6.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:6.1:sp1:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:6.1:sp2:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:6.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:7.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:5.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:7.0:sp4:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:7.0:sp5:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:8.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:8.1:sp1:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:7.0:sp6:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:9.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:8.1:sp6:*:*:*:-:*:*

OR cpe:/a:oracle:weblogic_server:7.0:sp7:*:*:*:-:*:*

OR cpe:/a:oracle:weblogic_server:10.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:3.1.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:4.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:4.5.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:4.5.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:6.1:sp3:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:6.1:sp4:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:6.1:sp5:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:6.1:sp6:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:6.1:sp7:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:8.1:sp2:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:8.1:sp3:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:8.1:sp4:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:8.1:sp5:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:9.2:-:*:*:*:-:*:*

OR cpe:/a:oracle:weblogic_server:10.3.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:7.0:sp1:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:7.0:sp2:*:*:*:apache:*:*

OR cpe:/a:oracle:weblogic_server:7.0:sp3:*:*:*:apache:*:*

Denotes that component is vulnerable