• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

BEA Systems WebLogic Server DOS Device Denial of Service Vulnerability

BEA Systems WebLogic Server is an enterprise level web and wireless application server for Microsoft Windows and most Unix and Linux vendors.

It is possible to remotely crash a system running Bea Systems WebLogic Server by submitting numerous URL requests for a MS-DOS devicename appended with a .jsp extension, such as

www.example.com/aux.jsp

A hard reboot of the exploited server will be required to restore web services.