漏洞类别:CGI漏洞等级: 
漏洞信息
BEA Systems WebLogic Server is an Enterprise-level Web and wireless application server.
The WebLogic Server can be integrated with third-party Web servers. This is accomplished by a plug-in that allows the third-party Web server to proxy requests to the Weblogic Server. Several buffer overflows in these plug-ins allow unauthorized users to execute arbitrary code on the system running the proxying Web server.
漏洞危害
As a result, unauthorized users can execute arbitrary code as the user running the proxying server. Typically, as 'root' on UNIX systems and as 'SYSTEM' on Microsoft NT systems.
解决方案
Install the latest service pack or upgrade to a new version of WebLogic Server. Both are available from the BEA WebLogic Server Download page.
0day
文章评论