A vulnerability exists in the parsing of the JSESSIONID cookie in the Apache Plug-in connector for BEA WebLogic that can result in a buffer overflow. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. The only way to get the patch is with an Oracle Support Account. This link is still on most of the BEA WebLogic pages. This vulnerability is the result of an incorrectly bounded strncpy that uses the length of the cookie parameter as the amount of data to copy.
Source: https://blog.talosintelligence.com/2009/03/bea-weblogic-plug-in-for-apache.html
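The bug class described above, as an added example that is not the plug-in's code: a `strncpy` whose bound is taken from the source string limits nothing, while the bounded version takes its limit from the destination and rejects values that do not fit. The buffer size, function names and cookie values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SESSION_BUF 64            /* assumed buffer size, illustration only */

#if 0   /* Flawed pattern described above; excluded from the build. */
static void copy_session_flawed(char *dst, const char *cookie)
{
    /* Bound is derived from the source, so it limits nothing: a cookie of
     * SESSION_BUF bytes or more writes past dst, and no NUL is appended. */
    strncpy(dst, cookie, strlen(cookie));
}
#endif

/* Bounded copy: the limit is the destination size. Oversized values are
 * rejected rather than truncated. Returns 0 on success, -1 on rejection. */
int copy_session_bounded(char *dst, size_t dst_size, const char *cookie)
{
    size_t len = 0;
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (cookie == NULL)
        return -1;
    while (len < dst_size && cookie[len] != '\0')   /* never scan past the limit */
        len++;
    if (len >= dst_size)                            /* no room for value + NUL */
        return -1;
    memcpy(dst, cookie, len);
    dst[len] = '\0';
    return 0;
}

/* Constructed check: a 200-byte cookie must be rejected and the guard bytes
 * placed directly after the buffer must stay untouched. Returns 1 if so. */
int oversized_cookie_rejected(void)
{
    struct { char buf[SESSION_BUF]; char guard[8]; } s;
    char cookie[201];
    memset(cookie, 'A', 200); cookie[200] = '\0';
    memset(s.guard, 0x5a, sizeof s.guard);
    if (copy_session_bounded(s.buf, sizeof s.buf, cookie) != -1) return 0;
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5a) return 0;
    return s.buf[0] == '\0';
}

int main(void)
{
    char buf[SESSION_BUF];
    printf("short: %d\n", copy_session_bounded(buf, sizeof buf, "abc123!node1"));
    printf("oversized rejected: %d\n", oversized_cookie_rejected());
    return 0;
}
```

Rejecting an oversized session identifier outright, instead of truncating it, avoids handing a partial value to later routing logic.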

