PT-2008-5329 · Oracle · Bea Product Suite+1

Published: 2008-10-14 · Updated: 2012-10-23 · CVE-2008-4008

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: BEA Product Suite versions 6.1 SP7, 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP1, 10.3
Description: The issue affects confidentiality, integrity, and availability. It is reportedly related to an invalid parameter and might be a stack-based buffer overflow in the WebLogic Apache Connector, although Oracle has not commented on this claim.
Recommendations: For each affected BEA Product Suite version (6.1 SP7, 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP1, 10.3), consider applying the necessary patches or updates to resolve the issue. As a temporary workaround, consider restricting access to the WebLogic Apache Connector to minimize the risk of exploitation.


Related identifiers: CVE-2008-4008

Affected products: Bea Product Suite, Weblogic Apache Connector