[VIM] Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC
str0ke
str0ke at milw0rm.com
Thu Jul 17 18:30:52 UTC 2008
I have named the exploit and placed kcope's code in the wrong section.
It has been updated.
/str0ke
It is a zeroday which is released. Therefore a +-1day.
It should normally not be patched because the bug is in
the FRONTEND in the architecture. mod_wl (mod weblogic),
which runs on the front of big architectures. It is inside
the Apache Module not in Bea Weblogic itself.
Zeeya Rob.
/kcope--2008
Rob Keith wrote:
> Hey,
>
> Does anyone have any additional information on this exploit posted to
> milw0rm today? KingCope mentions its a +-1day (whatever that is), so
> curious if it is related to the recent patch sent out by Oracle; they
> addressed a number of issues in BEA Weblogic...
>
> http://www.milw0rm.com/exploits/6089
>
> Thanks!
> -Rob
>
>
More information about the VIM
mailing list