CVE-2009-1016

Currently unrated

Key Information:

Vendor: Oracle
Status: Bea Product Suite
Vendor: CVE Published:; 15 April 2009

Summary

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow involving an unspecified Server Plug-in and a crafted SSL certificate.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/64934

vdb-entryx_refsource_XF

http://www.securitytracker.com/id?1022059

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/34461

vdb-entryx_refsource_BID

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 15, 2009
Vulnerability Reserved
Mar 19, 2009