Intrusion Prevention

BEA.WebLogic.Redirect.Request.Plugin.Buffer.Overflow

Description

This indicates an attack attempt against a buffer overflow vulnerability in BEA Systems WebLogic Server.
The vulnerability is due to insufficient sanitization of user-supplied input when the application handles an overly long URL. It allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.
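
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or the vendor's signature: it scans access-log lines for request URLs whose path ends in .jsp and whose length exceeds a threshold. The Common Log Format input, the 1024-character threshold and all function names are assumptions.

```python
import re

# Assumed threshold, not taken from the advisory: set it just above the
# longest legitimate request URL your application serves.
MAX_URL_LEN = 1024

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) '
)

def jsp_path(target):
    """Return the path part of a request target if it ends in .jsp, else None."""
    # Drop query, fragment and servlet path parameters (;jsessionid=...).
    path = re.split(r"[?#;]", target, maxsplit=1)[0]
    return path if path.lower().endswith(".jsp") else None

def flag_long_jsp_requests(lines, max_len=MAX_URL_LEN):
    """Return one finding per log line whose .jsp request URL exceeds max_len."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = CLF.match(line)
        if m is None:
            continue  # not a CLF request line
        target = m.group("target")
        # The whole URL is measured, so a long query after a .jsp path counts too.
        if jsp_path(target) is not None and len(target) > max_len:
            findings.append({
                "line": lineno,
                "src": m.group("src"),
                "status": int(m.group("status")),
                "url_len": len(target),
            })
    return findings

# Constructed sample log lines (documentation addresses, filler characters only).
TS = "[10/Oct/2000:13:55:36 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /index.jsp HTTP/1.0" 200 2326',
    f'192.0.2.77 - - {TS} "GET /{"A" * 4000}.JSP HTTP/1.0" 500 0',
    f'192.0.2.10 - - {TS} "GET /img/{"b" * 2000}.gif HTTP/1.0" 404 0',
    f'192.0.2.33 - - {TS} "GET /login.jsp?next={"c" * 3000} HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for finding in flag_long_jsp_requests(SAMPLE_LOG):
        print(finding)
```

The extension match is case-insensitive, and the length is taken on the raw, still-encoded URL as it appears in the log.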

Affected Products

BEA Systems Weblogic Server 5.1 x
BEA Systems Weblogic Server 4.5 x
BEA Systems Weblogic Server 4.0 x
BEA Systems Weblogic Server 3.1.8

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls

CVE References

CVE-2000-0681