Description

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

Remediation

References

CVE-2008-3257

Related Vulnerabilities

Atlassian Jira CVE-2020-14168 Vulnerability (CVE-2020-14168)

TYPO3 Session Fixation Vulnerability (CVE-2010-3671)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-3384)

WordPress Plugin ActiveHelper LiveHelp Live Chat Multiple Cross-Site Scripting Vulnerabilities (3.1.0)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-1000353)

Severity

Critical

Classification

CVE-2008-3257 CWE-119

Tags

Missing Update Known Vulnerabilities