PT-2009-3594 · Oracle · Oracle Weblogic Server

Published: 2009-04-15 · Updated: 2017-08-17 · CVE-2009-1012

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

- Oracle BEA WebLogic Server versions 7.0 Gold through SP7
- Oracle BEA WebLogic Server versions 8.1 Gold through SP6
- Oracle BEA WebLogic Server version 9.0
- Oracle BEA WebLogic Server version 9.1
- Oracle BEA WebLogic Server versions 9.2 Gold through MP3
- Oracle BEA WebLogic Server versions 10.0 Gold through MP1
- Oracle BEA WebLogic Server version 10.3

Description

The issue affects the confidentiality, integrity, and availability of the system. A reliable researcher claims it is an integer overflow in an unspecified plug-in that parses HTTP requests, leading to a heap-based buffer overflow. Oracle has not commented on these claims.

Recommendations

For each affected version range listed above (7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3), update to a version outside of that range to resolve the issue. As a temporary workaround, consider disabling the plug-in that parses HTTP requests until a patch is available.


Related Identifiers: CVE-2009-1012

Affected Products: Oracle Weblogic Server