BEA WebLogic Server prior to V5.1.0 - Service Pack 7 buffer overflow, race condition
Vulnerability

    WebLogic

Affected

    BEA WebLogic Server prior to V5.1.0 - Service Pack 7

Description

    The following is based on Defcom Labs Advisory def-2000-04 by
    Peter Grundl. It is possible to trigger a race condition that can
    result in the stack and registers being partially overwritten.

    WebLogic Server has a specific handler for URL requests that start
    with "dotdot" (".."). By sending a large URL
    (..aaaaaaaaaaaaaaaaaaxlots more) and disconnecting, it is possible
    to trigger a buffer overflow. The result can be anywhere from
    crashing the web server to executing arbitrary code on the server
    with the privileges of the web server (which usually means
    LocalSystem).
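
    A log-review check for the request pattern described above, as an
    added example that is not part of the original advisory: it flags
    access-log entries whose request URL starts with ".." (plain or
    percent-encoded) and is unusually long. The Common Log Format
    layout, the 1024-byte threshold and the sample lines are
    assumptions constructed for illustration; the advisory gives no
    overflow length or log format.

```python
import re
from urllib.parse import unquote

# Assumption: Common Log Format; the advisory does not give WebLogic's log layout.
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?:\d{3}|-) (?:\d+|-)')
MAX_URI = 1024  # assumed review threshold; the advisory states no overflow length


def classify(line, max_uri=MAX_URI):
    """Return (client_ip, reason) for a suspicious log line, else None."""
    m = CLF.match(line)
    if not m:
        return None
    parts = m.group("req").split(" ")
    if len(parts) < 2:          # no URL field at all
        return None
    uri = parts[1]              # tolerates a request line with no HTTP version
    decoded = uri
    for _ in range(3):          # bounded re-decoding catches %2e%2e and %252e%252e
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    path = decoded.split("?", 1)[0].lstrip("/")
    if path.startswith("..") and len(uri) > max_uri:
        return (m.group("ip"), "oversized dotdot URL (%d bytes)" % len(uri))
    return None


def scan(lines, max_uri=MAX_URI):
    """Classify every line and keep only the hits."""
    return [hit for hit in (classify(l, max_uri) for l in lines) if hit]


# Constructed sample log lines (documentation addresses, not real traffic).
PAD = "a" * 4000
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2001:10:00:01 +0000] "GET /../images/logo.gif HTTP/1.0" 404 0',
    '192.0.2.12 - - [01/Jan/2001:10:00:02 +0000] "GET /..' + PAD + ' HTTP/1.0" - -',
    '192.0.2.13 - - [01/Jan/2001:10:00:03 +0000] "GET /%2e%2e' + PAD + '" - -',
    '192.0.2.14 - - [01/Jan/2001:10:00:04 +0000] "GET /search?q=' + PAD + ' HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE):
        print(ip, reason)
```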

Solution

    Upgrade to BEA WebLogic 5.1.0, Service Pack 7:

        http://commerce.beasys.com/downloads/weblogic_server.jsp
