BEA » Weblogic Server » 8.1 sp1 express : Security Vulnerabilities, CVEs, CVSS score >= 9
CVE-2008-3257
Public exploit
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
Max CVSS
10.0
EPSS Score
93.27%
Published
2008-07-22
Updated
2017-09-29
BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.
Max CVSS
10.0
EPSS Score
0.54%
Published
2007-01-23
Updated
2011-03-08
2 vulnerabilities found