BEA.Weblogic.Double.Dot.Buffer.Overflow

Release Date

Apr 04, 2006

Severity

critical

Impact

This vulnerability allows remote attackers to traverse folders and read arbitrary files.

Description

This indicates a potential attempt to exploit a buffer overflow in BEA Systems WebLogic Server.


BEA WebLogic Platform delivers application infrastructure technology in a single, unified, easy-to-use platform for application development, deployment, and management. The vulnerability is exploited when a specially crafted URL request is sent to the web server. A handler that processes the URL request contains an unchecked buffer. This could result in either the server crashing or arbitrary code being executed on the system in the security context of the web server.


Affected Products

BEA WebLogic Server for Windows NT prior to V5.1.0 - Service Pack 7

Recommended Actions

Apply appropriate patches or upgrade the system to the latest non-vulnerable version.

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2001-0098

Reference/s

http://www.securityfocus.com/bid/2138 (BugTraq)

Reference: VID-11825