Oracle rushes to patch serious flaw
By Miya Knights,
Oracle late yesterday issued a rare out-of-cycle patch for a public flaw in its application server products that can be exploited remotely, without authentication.
The emergency patch replaces workarounds the vendor issued last week in a rare security warning about a vulnerability in the Apache plug-in for the application servers, Oracle WebLogic (formerly BEA WebLogic) Server and Express products.
Oracle advised administrators to apply the patch immediately, which replaces the vulnerable Apache plug-in with an updated version “to remedy this issue without the use of workarounds,” it said.
The warning said that the flaw could be exploited remotely “over a network without the need for a username and password,” compromising “the confidentiality, integrity and availability of the targeted system”.
Accordingly the flaw was rated 10 on the Common Vulnerability Scoring System (CVSS) – the risk evaluation framework’s most severe rating.
This is the first time in three years, since Oracle began patching its systems in a regular quarterly update cycle, it has issued a security warning and patch outside its normal patch cycle.
The last Critical Patch Update Oracle issued was mid-July, but none of the flaws fixed then were as severe as this most recent Apache plug-in vulnerability.
Related Tags
advertisement
Latest Server Features
Top 10 tips for green IT
We run down the top 10 ways to cut energy use and green up your business technology.
- Copyright on the tracks
- Q&A: HP Labs’ Prith Banerjee
- IT proves its point as killer brought to justice
- Storing the virtual world
- The present and future of IT security
- What's happened to VMware?
- Free Linux driver development
- Tera Scale Lab: Where hardware meets software
- Big IT for CERN's particle smashing experiment
Latest Server Reviews
Boston 3000GP - AMD Shanghai Server
Rating: 
- IBM System x3455
- GFI MailArchiver 6 for Exchange
- EXCLUSIVE - NEC FlexPower Server
- EXCLUSIVE - Fujitsu Siemens Primergy RX600 S4
- Xerox Phaser 6180VDN
- VeryPC GreenServer Janus II
- EXCLUSIVE: Hewlett Packard ProLiant DL785 G5
- EXCLUSIVE: IBM System x3850 M2
- Zeus Extensible Traffic Manager Load Balancer 5
advertisement
Latest News Videos in Server
Video: Steve Murphy, Hitachi Data Systems
PlayIT PRO speaks to Steve Murphy, UK Managing Director of storage technology specialist Hitachi Data Systems.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?