mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 03:02:30 +00:00
890 B
890 B
CVE-2008-3257
Description
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
POC
Reference
- http://www.attrition.org/pipermail/vim/2008-July/002035.html
- http://www.attrition.org/pipermail/vim/2008-July/002036.html
- https://www.exploit-db.com/exploits/6089