Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0098 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Weblogic Server

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

21.4%

top 4.29%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

BEA Weblogic Server

Timeline

PublishedFeb 12

Latest updateApr 30

Description

Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDbea/weblogic_server4.5.2

Patches

Patch: archives.neohapsis.com ↗Patch: www.securityfocus.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-hjp2-87wj-g7c8: Buffer overflow in Bea WebLogic Server before 5↗2022-04-30

▶

CVEList

CVE-2001-0098: Buffer overflow in Bea WebLogic Server before 5↗2001-02-02

▶

💥Exploits & PoCs

Exploit-DB

BEA Systems WebLogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow↗2000-12-19

▶