PT-2009-3598 · BEA · BEA WebLogic Server

Published 2009-04-15 · Updated 2025-09-08 · CVE-2009-1016

CVSS v2.0

8.5 High

Vector AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

BEA Product Suite versions 7.0 SP7 through 10.3
BEA WebLogic Server version 8.1 SP6
BEA WebLogic Server versions 9.0 through 9.2 MP3

Description

The issue affects confidentiality, integrity, and availability, and is related to IIS. It may involve a stack-based buffer overflow related to an unspecified Server Plug-in and a crafted SSL certificate.

Recommendations

For BEA Product Suite versions 7.0 SP7 through 10.3, consider restricting access to the Server Plug-in to minimize the risk of exploitation.

For BEA WebLogic Server version 8.1 SP6, avoid using crafted SSL certificates until the issue is resolved.

For BEA WebLogic Server versions 9.0 through 9.2 MP3, as a temporary workaround, consider disabling the use of SSL certificates in the Server Plug-in until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2009-1016

Affected Products

BEA Product Suite
BEA WebLogic Server
IIS