Oracle is warning customers that an exploit is circulating for a vulnerability in its WebLogic Server that remote attackers without authentication can use to access confidential data and cause denial of service.
In an advisory issued earlier this week, Oracle said an exploit has begun circulating that affects WebLogic Server applications that use versions of the WebLogic plug-in for Apache server released before July 28.
Oracle has yet to release a patch for the affected plug-in, but offered two workarounds that it says will protect users while it works on a fix.
One workaround involves configuring Apache server to reject certain invalid requests, which limits the maximum URL length to less than 4,000 bytes. Oracle notes that users can also protect themselves by downloading and installing the open source Web application firewall from ModSecurity.
Oracle assigned the vulnerability a CVSS severity score of 10 out of 10, as did the National Vulnerability Database. Danish security research firm Secunia gave it a 'highly critical' rating, or 4 on its 5 point severity scale.
Oracle picked up the widely used WebLogic application server in its $6.7 billion acquisition of BEA Systems, which closed in April. Earlier this month, Oracle said that WebLogic will become Oracle's flagship application server offering, but it will continue to develop its own application server.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Microsoft Shows Its Love In Valentine's Day Patch Release
- Worker Abuse Protest Targets Apple, Supplier Foxconn
- Oracle Closing In On $8.5 Billion Buyout Of BEA Systems
- BEA, VMware Extend Partnership For Java Virtualization
- Microsoft Details Windows-On-ARM Development Efforts
- Take Me To The Cloud: Oracle To Buy Taleo
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
