[SingCERT] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code

[Summary]
A vulnerability was reported in the Apache Connector for Oracle WebLogic. A remote user can execute arbitrary code on the target system.

A remote user can send a specially crafted HTTP POST request to execute arbitrary code on the target system. The code will run with the privileges of the target service.


The vulnerability resides in mod_weblogic, the WebLogic plug-in for the Apache HTTP Server.
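The advisory says only that a specially crafted HTTP POST request reaches mod_weblogic; it does not describe the request. The following added example (not from the advisory, the vendor, or the milw0rm entry) shows one defender-side check that can be run over Apache access logs in front of a WebLogic plug-in: it parses combined-format log lines and flags POST requests whose request line is unusually long. The assumption that an oversized request line is the relevant anomaly, the threshold of 4000 bytes, and the sample log lines are all constructed for this example.

```python
import re

# Apache combined log format: client, identd, user, timestamp, request line,
# status, response size. The request line is re-assembled from its parts so
# its length can be measured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption (not stated in the advisory): the crafted POST stands out by an
# oversized request line. 4000 bytes is a hypothetical threshold for this example.
REQUEST_LINE_LIMIT = 4000


def parse_line(line):
    """Return a dict of the log fields plus the request-line length, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["request_line_len"] = len(
        f'{entry["method"]} {entry["target"]} {entry["proto"]}'
    )
    return entry


def is_suspicious(entry, limit=REQUEST_LINE_LIMIT):
    """True for a POST whose request line exceeds the configured limit."""
    return (
        entry is not None
        and entry["method"] == "POST"
        and entry["request_line_len"] > limit
    )


def scan(lines, limit=REQUEST_LINE_LIMIT):
    """Return (client ip, timestamp, request-line length) for each flagged line."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if is_suspicious(entry, limit):
            hits.append((entry["ip"], entry["ts"], entry["request_line_len"]))
    return hits


# Constructed sample log lines: two ordinary requests and one POST with a
# 5000-byte path, which pushes the request line well past the limit.
SAMPLE_LINES = [
    '192.0.2.10 - - [28/Jul/2008:10:00:01 +0800] "GET /app/index.jsp HTTP/1.1" 200 512',
    '192.0.2.11 - - [28/Jul/2008:10:00:02 +0800] "POST /app/login HTTP/1.1" 302 0',
    '203.0.113.5 - - [28/Jul/2008:10:00:03 +0800] "POST /app/'
    + "x" * 5000
    + ' HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for ip, ts, length in scan(SAMPLE_LINES):
        print(f"suspicious POST from {ip} at {ts}: request line {length} bytes")
```

The threshold is deliberately a parameter: a site that knows its longest legitimate POST request line can set `limit` just above it, and any hit then points at a client and timestamp worth correlating with the WebLogic plug-in's own logs.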

A demonstration exploit is available at: http://www.milw0rm.com/exploits/6089


[Solution/Workaround]
The vendor has described a workaround at: https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html


[Reference]
http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html
https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html