CERT-In Vulnerability Note CIVN-2008-156
Vulnerability in Oracle WebLogic plug-in for Apache causes Denial of Service
Original Issue Date: October 15, 2008
Severity Rating: High
Systems Affected
- Oracle WebLogic Server 9.0, 9.1, 10.3
- Oracle WebLogic Server 10.0 released through Maintenance Pack 1
- Oracle WebLogic Server 9.2 released through Maintenance Pack 3
- Oracle WebLogic Server 8.1 released through Service Pack 6
- Oracle WebLogic Server 7.0 released through Service Pack 7
- Oracle WebLogic Server 6.1 released through Service Pack 7
Overview
A vulnerability has been reported in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7, which could be exploited by remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Description
A vulnerability has been reported in certain versions of WebLogic Server. This vulnerability can be remotely exploited without authentication to affect the availability, confidentiality or integrity of WebLogic Server applications which use the Apache web server configured with the Oracle WebLogic plug-in for Apache.
Workaround
Vendor Information
Oracle
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
http://blogs.oracle.com/security/2008/10/14
https://support.bea.com/application_content/product_portlets/securityadvisories/index.html
References
BEA
https://support.bea.com/application_content/product_portlets/securityadvisories/2806.html
Security Database
http://www.security-database.com/cvss.php?alert=CVE-2008-4008
SecurityTracker
http://www.securitytracker.com/alerts/2008/Oct/1021056.html
Security Lab
http://en.securitylab.ru/nvd/361224.php
CVE Name
CVE-2008-4008
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
