cbcvebase.
CVE-2001-0098
published 2001-02-12

CVE-2001-0098: Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string.

PriorityP351critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
78.37%
99.5th percentile
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string.

Affected

1 ranges
VendorProductVersion rangeFixed in
beaweblogic_server<= 4.5.2

Detection & IOCsextracted from sources · hover to see the quote

commandURL beginning with ".." (double-dot) string triggering buffer overflow
  • Detect abnormally long HTTP requests where the URL path begins with '..' (double-dot); such requests targeting BEA WebLogic Server 4.0.x, 4.5.x, or 5.1.x (prior to 5.1.0 patched) may indicate exploitation of this buffer overflow.
  • Monitor for WebLogic Server process crashes or unexpected restarts, which may indicate a denial-of-service attempt via random data sent to the double-dot URL handler.
  • Alert on HTTP requests to WebLogic where the URL starts with '..' and the overall URL length is unusually large, as this is the specific attack vector for arbitrary code execution.
  • ·Vulnerability affects BEA WebLogic Server versions 4.0.x, 4.5.x, and 5.1.x prior to the 5.1.0 patch; versions at or after the fix are not affected.
  • ·Exploitation occurs in the security context of the web server process; impact depends on the privilege level under which WebLogic is running.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.