Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: web4983.htm

Weblogic server DoS
9th Jan 2002 [SBWID-4983]

	Weblogic server DoS


	Bea Weblogic Server 6.1 Service Pack 1 for Windows NT/2000


	Peter Gründl of KPMG Danemark reported in BUG-ID [2002003] :

	When the  Weblogic  server  receives  a  .jsp  request,  it  invokes  an
	external compiler to deal with the .jsp ressource requested. The  server
	can be fooled into thinking you are requesting a  valid  .jsp  ressource
	by simply requesting a DOS-device (such as eg. aux)  and  appending  the
	.jsp extension to it (aux.jsp). The external compiler  is  then  invoked
	and due to the nature of the  DOS-devices,  this  working  thread  never

	The server can handle about  a  10-11  working  threads,  so  when  this
	number of active threads has been reached, the  server  will  no  longer
	service any requests. Since both HTTP and HTTPS are handled by the  same
	module, both are crippled if one is attacked.


	Vendor issued bug id CR062542. Pacth is  \"Service  Pack  2\"  available
	from :


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH