Oracle has released an emergency patch for a flaw the company issued a rare security alert for last week.
Administrators should not apply the work-arounds the company previously recommended and apply the patch, Oracle said.
The vulnerability lies in the Apache plug-in for the Oracle WebLogic Server and Express products (formerly known as BEA WebLogic), both application servers.
The flaw can be remotely exploited and result in an attack that can compromise "the confidentiality, integrity and availability of the targeted system," according to the company's advisory.
The flaw was given a 10.0 score -- the most serious rating -- on the CVSS scale (Common Vulnerability Scoring System), a framework used to evaluate the risks of a particular flaw.
In the three years since Oracle started a regular patch cycle, the Apache plug-in flaw is the first one to cause the company to release an off-cycle warning.
Sign up to receive Security Resource Alerts
A comprehensive security management solution can help you streamline, as well as grow, your current or evolving business. In this way, a strategic security approach can help you increase your competitiveness in these challenging market conditions.
Download now! »
Find out how you can effectively collect, normalize and archive enterprise-wide, security-related data that is invaluable for security investigation and compliance reporting.
Download now! »
This session focuses on the intersection of role management and identity compliance, and addresses the importance of identity compliance in enterprise governance and the challenges that organizations may face in achieving it.
View now! »
Recommend This
