Check Point Advisories

Update Protection against Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow

Check Point Reference: CPAI-2009-081
Date Published: 8 May 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA34074
Industry Reference: CVE-2009-1016
Protection Provided by:
Who is Vulnerable?

Oracle BEA WebLogic Server 7.0.x through 7.0 SP7
Oracle BEA WebLogic Server 8.1.x through 8.0 SP6
Oracle BEA WebLogic Server 9.0
Oracle BEA WebLogic Server 9.1
Oracle BEA WebLogic Server 9.2.x through 9.2 MP3
Oracle BEA WebLogic Server 10.0.x through 10.0 MP1
Oracle BEA WebLogic Server 10.3

Vulnerability Description

A buffer overflow vulnerability was reported in BEA WebLogic Server, an Application Server platform for large enterprise web applications. The vulnerability is due to a boundary error while parsing SSL certificates. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted certificate to the target host.

Vulnerability Details

The vulnerability exists in BEA WebLogic Server's connector software for Apache HTTP server. The connector software refers to the component shipped with WebLogic and used for communicating with the back-end application server. The vulnerability is due to improper validation of client certificates.

Protection Overview
