COMMAND

    WebLogic

SYSTEMS AFFECTED

    BEA WebLogic Server prior to V5.1.0 - Service Pack 7

PROBLEM

    The following is based on Defcom Labs Advisory def-2000-04 by Peter
    Grundl. It is possible to trigger a race condition that can result
    in the stack and registers being partially overwritten.

    WebLogic Server has a specific handler for URL requests that start
    with "dotdot". By sending a large URL (..aaaaaaaaaaaaaaaaaa x lots
    more) and disconnecting, it is possible to trigger a buffer
    overflow. The result can range from crashing the web server to
    executing arbitrary code on the server with the privileges of the
    web server (which usually means LocalSystem).
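
    An added example, not part of the Defcom advisory or of BEA's code:
    a log check for the request shape described above, a URL that begins
    with ".." and is unusually long. The 1024-character threshold, the
    Common Log Format input, and the handling of a leading "/" and of
    percent-encoded dots are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: review threshold; the advisory does not state a length.
MAX_URL_LEN = 1024
# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\S+) (\S+)\s*$')


def request_target(request):
    """Return the URL from a logged request line, tolerating a missing
    method or HTTP version (an early disconnect can truncate the line)."""
    parts = request.split(" ")
    if len(parts) >= 2 and parts[0].isalpha() and parts[0].isupper():
        return parts[1]
    return parts[0]


def is_suspect(url, max_len=MAX_URL_LEN):
    """True if the URL starts with '..' (optionally after leading '/',
    raw or percent-encoded) and is longer than max_len characters."""
    decoded = unquote(url)
    return decoded.lstrip("/").startswith("..") and len(url) > max_len


def scan(lines, max_len=MAX_URL_LEN):
    """Return (client, timestamp, url_length) for each suspect log line."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        url = request_target(m.group(3))
        if is_suspect(url, max_len):
            hits.append((m.group(1), m.group(2), len(url)))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2001:10:00:05 +0000] "GET /../docs HTTP/1.0" 404 0',
    '192.0.2.12 - - [01/Jan/2001:10:00:09 +0000] "GET ..' + "a" * 4000 + ' HTTP/1.0" - -',
    '192.0.2.13 - - [01/Jan/2001:10:00:12 +0000] "GET %2e%2e' + "a" * 4000 + '" - -',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

    Whether a request abandoned by the client reaches the access log
    depends on the server's logging, so an empty result does not rule
    out an attempt.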

SOLUTION

    Upgrade to BEA WebLogic 5.1.0, Service Pack 7:

        http://commerce.beasys.com/downloads/weblogic_server.jsp