Oracle.WebLogic.Server.mod_wl.HTTP.POST.Request.Code.Execution
Description
This indicates an attack attempt against a buffer overflow vulnerability in Oracle WebLogic Server.
The vulnerability is caused by an error when the Apache connector (mod_wl) handles an overlong HTTP POST request. It allows a remote attacker to execute arbitrary code by sending a crafted POST request.
Affected Products
Oracle mod_wl
BEA Systems Weblogic Server 8.1 SP 6
BEA Systems Weblogic Server 8.1 SP 5
BEA Systems Weblogic Server 8.1 SP 4
BEA Systems Weblogic Server 8.1 SP 3
BEA Systems Weblogic Server 8.1 SP 2
BEA Systems Weblogic Server 8.1 SP 1
BEA Systems Weblogic Server 7.0 SP 7
BEA Systems Weblogic Server 7.0 SP 6
BEA Systems Weblogic Server 7.0 SP 5
BEA Systems Weblogic Server 7.0 SP 4
BEA Systems Weblogic Server 7.0 SP 3
BEA Systems Weblogic Server 7.0 SP 2
BEA Systems Weblogic Server 7.0 SP 1
BEA Systems Weblogic Server 6.1 SP 7
BEA Systems Weblogic Server 6.1 SP 5
BEA Systems Weblogic Server 6.1 SP 4
BEA Systems Weblogic Server 6.1 SP 3
BEA Systems Weblogic Server 6.1 SP 2
BEA Systems Weblogic Server 6.1 SP 1
BEA Systems Weblogic Server 9.2 Maintenance Pack
BEA Systems Weblogic Server 9.2
BEA Systems Weblogic Server 9.1
BEA Systems Weblogic Server 9.0
BEA Systems Weblogic Server 10.0 MP1
BEA Systems Weblogic Server 10.0
BEA Systems WebLogic Express 8.1 SP 5
BEA Systems WebLogic Express 8.1 SP 4
BEA Systems WebLogic Express 8.1 SP 3
BEA Systems WebLogic Express 8.1 SP 2
BEA Systems WebLogic Express 8.1 SP 1
BEA Systems WebLogic Express 8.1
BEA Systems WebLogic Express 7.0.0.1 SP 4
BEA Systems WebLogic Express 7.0.0.1 SP 3
BEA Systems WebLogic Express 7.0.0.1 SP 2
BEA Systems WebLogic Express 7.0.0.1 SP 1
BEA Systems WebLogic Express 7.0 SP 7
BEA Systems WebLogic Express 7.0 SP 6
BEA Systems WebLogic Express 7.0 SP 5
BEA Systems WebLogic Express 7.0 SP 4
BEA Systems WebLogic Express 7.0 SP 3
BEA Systems WebLogic Express 7.0 SP 2
BEA Systems WebLogic Express 7.0 SP 1
BEA Systems WebLogic Express 6.1 SP 7
BEA Systems WebLogic Express 6.1 SP 5
BEA Systems WebLogic Express 6.1 SP 4
BEA Systems WebLogic Express 6.1 SP 3
BEA Systems WebLogic Express 6.1 SP 2
BEA Systems WebLogic Express 6.1 SP 1
BEA Systems WebLogic Express 9.2
BEA Systems WebLogic Express 9.1
BEA Systems WebLogic Express 9.0
BEA Systems WebLogic Express 8.1.0 SP 6
BEA Systems WebLogic Express 10.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the patch, available from the web site:
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2020-10-29 | 16.952 | Name: Oracle.mod_wl.HTTP.POST.Request.Code.Execution:Oracle.WebLogic.Server.mod_wl.HTTP.POST.Request.Code.Execution |