full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] Assurent VR - Oracle BEA W

[Full-disclosure] Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow

From: <VR-Subscription-noreply_at_nospam>
Date: Wed Jan 14 2009 - 02:36:36 GMT
To: full-disclosure@lists.grok.org.uk;, bugtraq@securityfocus.com


Oracle BEA WebLogic Server Apache Connector Buffer Overflow

Assurent ID: FSC20090113-10

  1. Affected Software

  Oracle WebLogic Server 10.3
  Oracle WebLogic Server 10.0 released through MP1 Oracle WebLogic Server 9.2 released through MP3 Oracle WebLogic Server 9.1 Oracle WebLogic Server 9.0 Oracle WebLogic Server 8.1 released through SP6 Oracle WebLogic Server 7.0 released through SP7

Reference: http://www.bea.com/weblogic/server/

2. Vulnerability Summary

A remotely exploitable vulnerability has been discovered in the Apache Connector component of Oracle BEA WebLogic Server. Specifically, the vulnerability is due to a boundary error when processing incoming HTTP requests and can lead to a buffer overflow condition. This boundary error can lead to a Denial of Service (DoS) condition for the Apache HTTP server.

3. Vulnerability Analysis

A remote unauthenticated attacker can exploit the vulnerability by sending a malicious HTTP request to the target system. A successful attack will result in a Denial of Service (DoS) condition for the Apache HTTP server, including all Apache-negotiated HTTP traffic to the WebLogic Server.

4. Vulnerability Detection

Assurent has confirmed the vulnerability in:

  Oracle WebLogic Server 10.3
  Oracle WebLogic Server 10.0 released through MP1 Oracle WebLogic Server 9.2 released through MP3 Oracle WebLogic Server 9.1 Oracle WebLogic Server 9.0 Oracle WebLogic Server 8.1 released through SP6 Oracle WebLogic Server 7.0 released through SP7

5. Workaround

Apply the vendor patch, or limit access to the affected communication port for trusted hosts and networks only.

6. Vendor Response

Oracle has released a bulletin addressing this vulnerability.

Reference: https://support.bea.com/application_content/product_portlets/securityadvisories/2809.html

7. Disclosure Timeline 2008-11-05 Reported to vendor 2008-11-05 Initial vendor response 2009-01-13 Coordinated public disclosure

8. Credits

Vulnerability Research Team, Assurent Secure Technologies, a TELUS company

9. References

  CVE: CVE-2008-5457
  Vendor: Oracle - CPUJan2009 - CVE-2008-5457

  1. About Assurent VRS

Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat Protection Programs (TPP) for MSPs and enterprise security teams, help to eliminate the significant costs incurred by security product vendors, MSPs, and enterprise security teams in responding to and managing critical new security vulnerabilities and other threats including worm & virus outbreaks and other malware. The VRS and TPP services are real-time feeds providing subscribers with detailed analysis of the top security vulnerabilities, focused on the specific needs of each group of customers.

http://www.assurent.com/index.php?id=17



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/