Oracle Issues Warning Over WebLogic Security Concern
Oracle on Tuesday issued a Security Alert for a vulnerability in the Apache plug-in for the Oracle WebLogic Server and Express products, formerly known as BEA WebLogic. Both products are application servers. The problem is rated as serious.
“It is remotely exploitable without authentication, … and it can result in compromising the confidentiality, integrity, and availability of the targeted system,” said Oracle’s Eric Maurice.
Oracle has posted a workaround for the security hole. The workaround involves altering Apache’s httpd.conf file to limit the maximum URL length to less than 4,000 bytes. If that’s not workable, Oracle suggests installing the mod_security Apache module. Oracle will release a patch as soon as it is ready.
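A check for the URL-length workaround described above, added here as an example; it is not taken from Oracle's advisory or from the original article. It assumes the limit is applied with Apache's core `LimitRequestLine` directive (the article does not name the directive), and the sample configurations are constructed.

```python
import re

URL_LIMIT = 4000       # article: keep URLs under 4,000 bytes
APACHE_DEFAULT = 8190  # Apache's built-in LimitRequestLine when unset
DIRECTIVE = re.compile(r"^LimitRequestLine\s+(\d+)$", re.IGNORECASE)
VHOST_OPEN = re.compile(r"^<VirtualHost\s+([^>]+)>$", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"^</VirtualHost>$", re.IGNORECASE)

def audit_request_line_limit(conf_text, limit=URL_LIMIT):
    # LimitRequestLine caps the whole request line (method, URL, protocol),
    # so any value <= limit keeps the URL itself below `limit` bytes.
    # Returns (ok, findings). Files pulled in with Include are not followed.
    findings, scope, server_value = [], "server", None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives do not count
        opened = VHOST_OPEN.match(line)
        if opened:
            scope = "vhost " + opened.group(1).strip()
        elif VHOST_CLOSE.match(line):
            scope = "server"
        else:
            hit = DIRECTIVE.match(line)
            if hit:
                value = int(hit.group(1))
                if scope == "server":
                    server_value = value
                if value > limit:  # a vhost override can undo the workaround
                    findings.append(f"line {lineno} ({scope}): LimitRequestLine {value} > {limit}")
    if server_value is None:
        findings.append(f"server: LimitRequestLine unset, default {APACHE_DEFAULT} applies")
    return (not findings, findings)

# Constructed sample configurations (not taken from Oracle's advisory).
WEAK_CONF = """\
ServerName app.example.test
# LimitRequestLine 4000
<VirtualHost *:80>
    LimitRequestLine 16384
</VirtualHost>
"""
FIXED_CONF = "ServerName app.example.test\nLimitRequestLine 4000\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, audit_request_line_limit(conf))
```

The check is deliberately conservative: it reports a missing server-level setting even when a virtual host sets its own value.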
The exploit code was published after July 15, when Oracle released its most recent patch. Releasing or using exploit code just after patches have been issued is a tactic often employed against other companies, such as Microsoft.
Source: Information World