[VIM] Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC

str0ke str0ke at milw0rm.com
Thu Jul 17 18:30:52 UTC 2008

I have named the exploit and placed kcope's code in the wrong section. 
It has been updated.


It is a zeroday which is released. Therefore a +-1day.
It should normally not be patched because the bug is in
the FRONTEND in the architecture. mod_wl (mod weblogic),
which runs on the front of big architectures. It is inside
the Apache Module not in Bea Weblogic itself.
Zeeya Rob.


Rob Keith wrote:
> Hey,
> Does anyone have any additional information on this exploit posted to
> milw0rm today? KingCope mentions its a +-1day (whatever that is), so
> curious if it is related to the recent patch sent out by Oracle; they
> addressed a number of issues in BEA Weblogic...
> http://www.milw0rm.com/exploits/6089
> Thanks!
> -Rob

More information about the VIM mailing list