Oracle broke its regular patch release cycle on Wednesday to issue a patch for a vulnerability in WebLogic that has become the target of hacker attacks over recent days.

Multiple versions of Oracle (formerly BEA) WebLogic application server software are affected by a buffer overflow flaw involving the Apache plug-in component of the enterprise package. Oracle issued workarounds last week soon after the flaw became the target of active exploits. The flaw creates a means to crash or, in the worst case, inject hostile code into vulnerable systems.

The WebLogic patch is the first to be published outside the three-monthly release cycle introduced by Oracle in January 2005. More details can be found in Oracle's advisory here.

The vulnerability came to light on 28 July, a little less than two weeks after Oracle published 45 security patches in the summer edition of its quarterly cycle. ®

Related stories

• Oracle releases whole security blanket of patches (16 April 2009)
• Oracle patch batch eclipses Microsoft Patch Tuesday (9 January 2009)
• Oracle assures financiers they're not that important after all (19 September 2008)
• Hello, this is Oracle - we're not in right now (29 August 2008)
• WebLogic to open gates on Oracle rationalization (4 August 2008)
• Oracle warns over unpatched vuln (29 July 2008)
• Oracle preps summer patch cluster (11 July 2008)
• Oracle risks loss of influential BEA users (4 July 2008)
• BEA gets last laugh on Oracle app server (1 July 2008)