Vendor: WebLogic Server
By: SecurityFocus
CVSS: 7.5 (HIGH)
Type: Denial of Service
CWE: 400
Product Name: WebLogic Server
Affected Version From: WebLogic Server 6.1 SP2
Affected Version To: WebLogic Server 6.1 SP2
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows, Unix, Linux
Year: 2002

BEA Systems WebLogic Server DOS Device Denial of Service Vulnerability

It is possible to create a denial of service condition by appending a null character to a request for an MS-DOS device name (such as AUX). Multiple malformed requests will cause the server to hang.

Mitigation:

Restarting the server restores normal functionality, but only until the next batch of malformed requests arrives, so treat the restart as a workaround rather than a fix. Apply the vendor patch, and reject requests whose path resolves to a reserved MS-DOS device name (AUX, CON, PRN, NUL, COM1-9, LPT1-9) before they reach the file system, checking the decoded path rather than the raw URL so that a trailing null byte cannot slip past the comparison.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4646/info

BEA Systems WebLogic Server is an enterprise level web and wireless application server for Microsoft Windows and most Unix and Linux distributions.

BEA WebLogic Express provides a platform for serving dynamic data to web and wireless applications.

It is possible to create a denial of service condition by appending a null character to a request for an MS-DOS device name (such as AUX). Multiple malformed requests will cause the server to hang.

BugTraq ID 3816 "BEA Systems WebLogic Server DOS Device Denial of Service Vulnerability" describes a similar condition, which was fixed in WebLogic Server 6.1 SP2. However, the null character variation of this attack affects systems running WebLogic Server 6.1 SP2.

The server must be restarted to regain normal functionality. 

This issue may be exploited with a web browser. For example:

http://target//aux%00
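The following Python script is an added example and is not part of the SecurityFocus advisory or of any BEA code. It shows why the null-byte variant is easy to miss and how to catch it in an access log: it percent-decodes each request path, truncates at the first NUL byte (the usual reason a null-byte variant bypasses a whole-string filter is that a C-level file API stops reading at the NUL while the higher-level comparison does not; whether that is exactly what happened in WebLogic 6.1 SP2 is an assumption, not something the advisory states), and then compares the final path segment, minus extension and trailing dots or spaces, against the Windows reserved device names. The log lines are constructed for illustration and the `requested_device` and `flag_log_lines` names are the example's own.

```python
import re
from urllib.parse import unquote_to_bytes

# Windows reserved device names. Matching is case-insensitive and ignores any
# extension, so "aux.txt" and "COM1.log" still open the device.
RESERVED = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)


def requested_device(raw_path: str):
    """Return the reserved device name a request path resolves to, or None.

    The NUL truncation models a C-style string API, which is why "aux%00"
    reaches the OS as "aux" even though a whole-string comparison at the
    servlet layer would see "aux\\x00" and let it through. (Assumed mechanism
    for the null-byte bypass; the advisory does not describe the internals.)
    """
    decoded = unquote_to_bytes(raw_path)
    # Everything after the first NUL byte is invisible to C string APIs.
    truncated = decoded.split(b"\x00", 1)[0]
    # Drop any query string, then take the final path segment (tolerates "//aux").
    path = truncated.split(b"?", 1)[0]
    segment = path.rstrip(b"/").rsplit(b"/", 1)[-1]
    # Windows strips trailing dots and spaces and ignores the extension.
    stem = segment.decode("latin-1").rstrip(" .").split(".", 1)[0].upper()
    return stem if stem in RESERVED else None


# Common-log-format request field: "METHOD path HTTP/x.y"
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def flag_log_lines(lines):
    """Return (line_number, device, raw_path) for each request hitting a device name."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        dev = requested_device(m.group("path"))
        if dev:
            hits.append((n, dev, m.group("path")))
    return hits


# Constructed sample access-log lines (not real traffic). Line 2 is the
# advisory's own proof-of-concept URL as it would appear in a log.
SAMPLE_LOG = [
    '10.0.0.5 - - [06/May/2002:10:01:02 -0500] "GET /index.html HTTP/1.0" 200 1234',
    '10.0.0.9 - - [06/May/2002:10:01:03 -0500] "GET //aux%00 HTTP/1.0" 500 0',
    '10.0.0.9 - - [06/May/2002:10:01:04 -0500] "GET /docs/COM1.txt HTTP/1.0" 500 0',
    '10.0.0.9 - - [06/May/2002:10:01:05 -0500] "GET /auxiliary/page.jsp HTTP/1.0" 200 88',
    '10.0.0.9 - - [06/May/2002:10:01:06 -0500] "GET /nul. HTTP/1.0" 500 0',
]

if __name__ == "__main__":
    for n, dev, path in flag_log_lines(SAMPLE_LOG):
        print(f"line {n}: {path!r} resolves to device {dev}")
```

The same `requested_device` check, placed in a request filter ahead of any file-system access, is the shape of the fix the mitigation section describes: decode first, truncate at NUL the way the platform will, and only then compare against the reserved names. Note that `/auxiliary/page.jsp` is correctly left alone, since the device name must be the whole stem, not a prefix.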