In association with heise online

23 July 2008, 11:40

Exploit published for buffer overflow in BEA WebLogic

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A hacker known as KingCope has discovered a potential buffer overflow in BEA WebLogic which can at least trigger system crashes, but may also be exploited to remotely inject and execute arbitrary code. The flaw is caused by Apache Connector which appears not to check certain POST requests sufficiently.

According to comments the published exploit is "broken" and doesn't function properly. Nevertheless, security providers FrSIRT and Secunia have rated the vulnerability as critical and highly critical respectively. According to Secunia, versions 5 to 10 are affected. No patch has so far become available. The only protection currently available is to filter the server's network traffic in order to minimise the risk of an attack.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit