
Title: Bea WebLogic Server dotdot-overflow
Released by: Defcom Labs
Date: 19th December 2000

                   Defcom Labs Advisory def-2000-04

              Bea WebLogic Server dotdot-overflow

Author: Peter Gründl 

Release Date: 2000-12-19


------------------------=[Brief Description]=-------------------------

It is possible to trigger a race condition that can result in the
stack and registers being partially overwritten.

------------------------=[Affected Systems]=--------------------------

Bea WebLogic Server for Windows NT prior to V5.1.0 - Service Pack 7

----------------------=[Detailed Description]=------------------------

WebLogic Server has a specific handler for URL requests that start
with "dotdot". By sending a large URL (..aaaaaaaaaaaaaaaaaa x lots more)
and disconnecting, it is possible to trigger a buffer overflow. The
result can be anywhere from crashing the web server, to executing
arbitrary code on the server with the privileges of the web server
(which usually means LocalSystem).
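
For spotting requests of the shape described above in web logs, the following is an added detection example, not part of the Defcom advisory or of any Bea code. It assumes Common Log Format input; the 1024-byte threshold, the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed threshold: the advisory only says "a large URL"; tune per site.
MAX_TARGET_LEN = 1024

# Common Log Format line; status and size may be "-" for aborted requests.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\S+) \S+'
)

def is_dotdot_oversize(target, limit=MAX_TARGET_LEN):
    """True if the request target begins with ".." (optionally after a
    leading "/", raw or percent-encoded) and is longer than limit."""
    decoded = unquote(target)
    return decoded.lstrip("/").startswith("..") and len(target) > limit

def scan(lines, limit=MAX_TARGET_LEN):
    """Return (ip, timestamp, target_length, status) for each flagged line."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line
        parts = m.group("req").split(" ")
        if len(parts) < 2:
            continue  # truncated request line without a target
        target = parts[1]
        if is_dotdot_oversize(target, limit):
            hits.append((m.group("ip"), m.group("ts"), len(target), m.group("status")))
    return hits

# Constructed sample log lines (not taken from the advisory).
SAMPLE = [
    '192.0.2.10 - - [19/Dec/2000:10:00:01 +0100] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.11 - - [19/Dec/2000:10:00:02 +0100] "GET /../etc HTTP/1.0" 404 0',
    '192.0.2.12 - - [19/Dec/2000:10:00:03 +0100] "GET /..' + "a" * 4000 + ' HTTP/1.0" - -',
    '192.0.2.13 - - [19/Dec/2000:10:00:04 +0100] "GET /%2e%2e' + "a" * 4000 + ' HTTP/1.0" - -',
    '192.0.2.14 - - [19/Dec/2000:10:00:05 +0100] "GET /' + "b" * 4000 + ' HTTP/1.0" 414 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Because the trigger described above involves the client disconnecting, the request may never be written to the server's own access log; logs from a proxy or network sensor in front of the server are a more dependable input.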


Upgrade to Bea WebLogic 5.1.0, Service Pack 7:


-------------------------=[Vendor Response]=--------------------------

This issue was brought to the vendor's attention on the 20th of
November, and notification of a fix was received by Defcom on the 19th
of December.


             This release was brought to you by Defcom Labs

               labs@defcom.com             www.defcom.com

