[VIM] Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC
str0ke at milw0rm.com
Thu Jul 17 18:30:52 UTC 2008
I have named the exploit and placed kcope's code in the wrong section.
It has been updated.
It is a zeroday which is released. Therefore a +-1day.
It should normally not be patched because the bug is in
the FRONTEND in the architecture. mod_wl (mod weblogic),
which runs on the front of big architectures. It is inside
the Apache Module not in Bea Weblogic itself.
Rob Keith wrote:
> Does anyone have any additional information on this exploit posted to
> milw0rm today? KingCope mentions its a +-1day (whatever that is), so
> curious if it is related to the recent patch sent out by Oracle; they
> addressed a number of issues in BEA Weblogic...
More information about the VIM