What is CVE-2008-3257?

CVE-2008-3257 is a vulnerability in N/a. Published 2008-07-22.

Is CVE-2008-3257 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2008-3257

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a s…

EPSS: 0.808 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC (mailing-list, x_refsource_VIM)
20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC (mailing-list, x_refsource_VIM)
6089 (exploit, x_refsource_EXPLOIT-DB)
www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html (x_refsource_CONFIRM)
support.bea.com/application_content/product_portlets/securityadvisories/2793.ht… (x_refsource_CONFIRM)
31146 (x_refsource_SECUNIA, third-party-advisory)
30273 (vdb-entry, x_refsource_BID)
blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html (x_refsource_CONFIRM)
1020520 (vdb-entry, x_refsource_SECTRACK)
oracle-weblogic-apacheconnector-bo(43885) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2008-3257?: CVE-2008-3257 is a vulnerability in N/a. Published 2008-07-22.
Is CVE-2008-3257 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.