Original URL: http://www.theregister.co.uk/2008/08/07/oracle_weblogic_patch/
Oracle breaks patch cycle with emergency fix
Tackles buffer overflow exploits
Posted in Enterprise Security, 7th August 2008 10:51 GMT
Free whitepaper – Dell PowerEdge server benchmarks
Oracle broke its regular patch release cycle on Wednesday to issue a patch for a vulnerability in WebLogic that has become the target of hacker attacks over recent days.
Multiple versions of Oracle (formerly BEA) WebLogic application server software are affected by a buffer overflow flaw involving the Apache plug-in component of the enterprise package. Oracle issued workarounds last week soon after the flaw became the target of active exploits. The flaw creates a means to crash or, in the worst case, inject hostile code into vulnerable systems.
The WebLogic patch is the first to be published outside the three-monthly release cycle introduced by Oracle in January 2005. More details can be found in Oracle's advisory here (https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html).
The vulnerability came to light on 28 July, a little less than two weeks after Oracle published 45 security patches in the summer edition of its quarterly cycle. ®