source: https://www.securityfocus.com/bid/4646/info
BEA Systems WebLogic Server is an enterprise-level web and wireless application server for Microsoft Windows and most Unix and Linux distributions.
BEA WebLogic Express provides a platform for serving dynamic data to web and wireless applications.
It is possible to create a denial of service condition by appending a null character to a request for a MS-DOS device name (such as AUX). Multiple malformed requests will cause the server to hang.
BugTraq ID 3816 "BEA Systems WebLogic Server DOS Device Denial of Service Vulnerability" describes a similar condition, which was fixed in WebLogic Server 6.1 SP2. However, the null character variation of this attack affects systems running WebLogic Server 6.1 SP2.
The server must be restarted to regain normal functionality.
This issue may be exploited with a web browser. For example:
http://target//aux%00
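A defender-side check for the request pattern this advisory describes, added here as an example and not part of the original BID entry: it percent-decodes the path, truncates at the null byte the way Windows would, and tests the final path segment against the reserved MS-DOS device names. The access-log lines, the `classify_request_path` and `flagged_paths` names, and the log format are constructed for the example.

```python
import re
from urllib.parse import unquote

# Reserved MS-DOS device names that Windows resolves regardless of directory.
DOS_DEVICE_NAMES = {"CON", "PRN", "AUX", "NUL", "CLOCK$"} | {
    f"{base}{n}" for base in ("COM", "LPT") for n in range(1, 10)
}

def classify_request_path(raw_path: str) -> dict:
    """Inspect a raw (still percent-encoded) request path for the advisory's
    pattern: a DOS device name followed by an encoded null byte (%00)."""
    decoded = unquote(raw_path)
    has_null = "\x00" in decoded
    # Windows truncates at the null, so evaluate the path as the OS would see it.
    effective = decoded.split("\x00", 1)[0]
    # Collapse repeated separators (e.g. "//aux") and take the last segment.
    segments = [s for s in re.split(r"[\\/]+", effective) if s]
    last = segments[-1] if segments else ""
    # "aux.txt" and "aux:" also resolve to the device; drop extension/colon.
    stem = re.split(r"[.:]", last, maxsplit=1)[0].upper()
    device = stem in DOS_DEVICE_NAMES
    return {"device_name": device, "null_byte": has_null,
            "flag": device and has_null}

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = """\
10.0.0.5 - - [02/May/2002:10:01:11 +0000] "GET /index.jsp HTTP/1.0" 200 512
10.0.0.9 - - [02/May/2002:10:01:15 +0000] "GET //aux%00 HTTP/1.0" 500 0
10.0.0.9 - - [02/May/2002:10:01:16 +0000] "GET /docs/com1.html%00 HTTP/1.0" 500 0
10.0.0.7 - - [02/May/2002:10:02:01 +0000] "GET /auxiliary/report%00 HTTP/1.0" 404 0
"""

REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def flagged_paths(log_text: str) -> list:
    """Return request paths in the log that match the null-byte device pattern."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if m and classify_request_path(m.group(1))["flag"]:
            hits.append(m.group(1))
    return hits

if __name__ == "__main__":
    for path in flagged_paths(SAMPLE_LOG):
        print("suspicious DOS-device request:", path)
```

A plain `/aux` request without the null is reported as a device-name hit but not flagged, so the rule can be tuned to the fixed (BID 3816) and unfixed variants separately.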