Vulnerability
WebLogic
Affected
BEA WebLogic Server prior to V5.1.0 - Service Pack 7
Description
The following is based on Defcom Labs Advisory def-2000-04 by Peter
Grundl. It is possible to trigger a race condition that can
result in the stack and registers being partially overwritten.
WebLogic Server has a specific handler for URL requests that start
with ".." ("dotdot"). By sending a large URL (".." followed by a
long run of characters, e.g. ..aaaaaaaaaaaaaaaaaa and many more)
and then disconnecting, it is possible to trigger a buffer
overflow. The result can range from crashing the web server to
executing arbitrary code on the server with the privileges of the
web server (which usually means LocalSystem).
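A defender-side check for the request pattern described above, as an added example that is not part of the Defcom advisory or BEA's code: it scans access-log lines for request paths that begin with ".." and exceed a length threshold. The Common Log Format input, the 256-character threshold and the sample lines are assumptions made for the illustration; the advisory does not state the overflow length.

```python
import re

# Assumption: illustrative cut-off; the advisory gives no overflow length.
MAX_DOTDOT_LEN = 256

# Request field of a Common Log Format line. The protocol token is optional
# because a client that disconnects mid-request can leave a truncated line.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+)(?: HTTP/[\d.]+)?"')


def dotdot_length(target):
    """Return the path length if the path starts with '..', else 0."""
    path = target.split("?", 1)[0].lstrip("/")
    return len(path) if path.startswith("..") else 0


def scan_log(lines, max_len=MAX_DOTDOT_LEN):
    """Return (line number, client, path length) for oversized '..' requests."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        length = dotdot_length(match.group("target"))
        if length > max_len:
            hits.append((lineno, line.split(" ", 1)[0], length))
    return hits


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.11 - - [01/Jan/2001:10:00:05 +0000] "GET /../logo.gif HTTP/1.0" 404 0',
    '192.0.2.12 - - [01/Jan/2001:10:00:09 +0000] "GET /..' + "a" * 4000 + ' HTTP/1.0" 400 0',
    '192.0.2.13 - - [01/Jan/2001:10:00:12 +0000] "GET /..' + "a" * 4000 + '" - -',
]

if __name__ == "__main__":
    for lineno, client, length in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent a {length}-character '..' path")
```

A server that crashes may never write the offending request to its own log, so this check is best run against a front-end proxy or network sensor log where one exists.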
Solution
Upgrade to BEA WebLogic 5.1.0, Service Pack 7:
http://commerce.beasys.com/downloads/weblogic_server.jsp