A remote overflow exists in the BEA Weblogic Apache Connector. The connector fails to properly handle overly long HTTP POST requests resulting in a buffer overflow. With a specially crafted request, an attacker can cause the server to crash and potentially execute arbitrary code.

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Set the apache configuration option of: 'LimitRequestLine 4000' OR implement Apache mod_security, per Oracle/BEA suggested workarounds.

Unknown or Incomplete

• Security Tracker: 1020520
• Exploit Database: 18897 6089
• CVE ID: 2008-3257 (see also: NVD)
• Secunia Advisory ID: 31146
• ISS X-Force ID: 43885
• Metasploit ID: 47096
• Milw0rm: 6089
• VUPEN Advisory: ADV-2008-2145
• Vendor Specific Advisory URL: http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html
  https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html
• News Article: http://blogs.zdnet.com/security/?p=1581
  http://www.vnunet.com/vnunet/news/2222923/oracle-issues-security-warning
• Packet Storm: http://packetstormsecurity.org/files/112864/Oracle-Weblogic-Apache-Connector-POST-Request-Buffer-Overflow.html
• Mail List Post: http://www.attrition.org/pipermail/vim/2008-July/002035.html
  http://www.attrition.org/pipermail/vim/2008-July/002036.html
• Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/weblogic_apache_connector_post
• Vendor Specific Solution URL: https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html

• KingCope -