Oracle Issues Warning Over WebLogic Security Concern

Oracle on Tuesday issued a Security Alert for a vulnerability in the Apache plug-in for the Oracle WebLogic Server and Express products (formerly known as BEA WebLogic), both of which are application servers. The problem is rated as serious.

“It is remotely exploitable without authentication, … and it can result in compromising the confidentiality, integrity, and availability of the targeted system,” said Oracle’s Eric Maurice.

Oracle has posted a workaround for the security hole. The workaround involves altering Apache’s httpd.conf file to limit the maximum URL length to less than 4,000 bytes. If that’s not workable, Oracle suggests installing the mod_security Apache module. Oracle will release a patch as soon as it is ready.
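A check for the httpd.conf workaround, added here as an example and not taken from Oracle's alert. It assumes the limit is set with Apache's `LimitRequestLine` directive (the article does not name the directive), that the built-in default of 8190 bytes applies when it is absent, and that virtual hosts inherit the main server's value; `Include`d files are not followed and the sample configuration is constructed.

```python
import re

APACHE_DEFAULT_LIMIT = 8190  # httpd's built-in LimitRequestLine default
MAX_SAFE = 4000              # the workaround: limit must be below 4,000 bytes

# Constructed sample httpd.conf (not from a real system).
SAMPLE_CONF = """\
ServerName app.example.test
LimitRequestLine 8190
<VirtualHost *:80>
    ServerName legacy.example.test
    # LimitRequestLine 3500   (commented out, so it has no effect)
</VirtualHost>
<VirtualHost *:8080>
    ServerName fixed.example.test
    limitrequestline 3999
</VirtualHost>
"""

def audit_request_line_limit(conf_text, max_safe=MAX_SAFE):
    """Return {scope: (effective_limit, ok)} for the main server and each vhost."""
    main_limit = APACHE_DEFAULT_LIMIT
    vhosts = []      # [address, explicit limit or None], in file order
    current = None   # vhost block being parsed, None at server level
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = [m.group(1).strip(), None]
            vhosts.append(current)
            continue
        if re.match(r"</VirtualHost>", line, re.I):
            current = None
            continue
        # Directive names are case-insensitive in Apache configuration.
        m = re.match(r"LimitRequestLine\s+(\d+)\s*$", line, re.I)
        if m and current is None:
            main_limit = int(m.group(1))
        elif m:
            current[1] = int(m.group(1))
    result = {"main": (main_limit, main_limit < max_safe)}
    for addr, limit in vhosts:
        effective = main_limit if limit is None else limit
        result[f"vhost {addr}"] = (effective, effective < max_safe)
    return result

if __name__ == "__main__":
    for scope, (limit, ok) in audit_request_line_limit(SAMPLE_CONF).items():
        print(f"{scope}: {limit} bytes -> {'ok' if ok else 'TOO LARGE'}")
```

`LimitRequestLine` caps the whole request line (method, URI and protocol version), so a value under 4,000 also keeps the URL under that length.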

The exploit code was published after July 15, the date of Oracle’s last patch release. Releasing or using exploit code just after patches have been issued is a tactic often employed against other companies, such as Microsoft.

Source: Information World
