Oracle BEA WebLogic Server Plug-ins Integer Overflow

Secunia Research has discovered a vulnerability in the Oracle BEA WebLogic Server plug-ins for web servers, which can be exploited by malicious people to compromise a vulnerable system. The Oracle BEA WebLogic Server can be configured to receive requests via an Apache, Sun, or IIS web server. In this case, a plug-in is installed in the Internet-facing web server that passes the request to a WebLogic server. An integer overflow when parsing HTTP requests can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Oracle BEA WebLogic Server Plug-ins version 1.0.1166189 is affected.
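The bug class described above, as an added example (not code from the advisory or from the plug-in): a 32-bit size calculation that wraps, next to a checked version that rejects the request before allocating. The advisory does not say which field or calculation overflows; the decimal length field, the function names and the 1 MiB cap here are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_REQUEST_BYTES (1u << 20)  /* hypothetical policy cap: 1 MiB */

/* Unchecked 32-bit arithmetic: the sum wraps modulo 2^32, so a huge
 * length taken from the request yields a tiny allocation size. */
uint32_t naive_alloc_size(uint32_t header_len, uint32_t body_len)
{
    return header_len + body_len + 1u;
}

/* Parse a decimal length field, rejecting empty input, non-digits and
 * values that would not fit in uint32_t. Returns 0 on success. */
int parse_length(const char *s, uint32_t *out)
{
    uint32_t v = 0;
    if (s == NULL || *s == '\0') return -1;
    for (; *s; s++) {
        if (*s < '0' || *s > '9') return -1;
        uint32_t d = (uint32_t)(*s - '0');
        if (v > (UINT32_MAX - d) / 10u) return -1;  /* v*10+d would wrap */
        v = v * 10u + d;
    }
    *out = v;
    return 0;
}

/* Checked size computation: each operand is validated against the cap
 * before the addition is performed. Returns 0 on success, -1 if rejected. */
int checked_alloc_size(uint32_t header_len, uint32_t body_len, uint32_t *out)
{
    if (header_len >= MAX_REQUEST_BYTES) return -1;
    if (body_len > MAX_REQUEST_BYTES - header_len - 1u) return -1;
    *out = header_len + body_len + 1u;
    return 0;
}

int main(void)
{
    uint32_t len = 0, size = 0;
    const char *field = "4294967295";   /* constructed sample value */
    if (parse_length(field, &len) == 0) {
        printf("naive size:   %u\n", (unsigned)naive_alloc_size(64u, len));
        printf("checked size: %s\n",
               checked_alloc_size(64u, len, &size) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

With the constructed value, the unchecked sum comes out as 64 bytes while the declared length is close to 4 GiB; a copy sized by the declared length into that allocation is the heap overflow condition, and the checked path refuses the request instead.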

 

You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76691/secunia-beawlpi.txt

Source: https://packetstormsecurity.com/files/76691/Oracle-BEA-WebLogic-Server-Plug-ins-Integer-Overflow.html
