Oracle Ships Critical Out-of-Band Security Patch
Oracle has released an out-of-band patch to fix a gaping security hole in the
Oracle WebLogic Node Manager, warning that an attacker could launch
remote attacks over a network without the need for a username and
password.
The patch follows the public release of exploit code as part of the recent Week of Web Server Bugs.
From Oracle's advisory:
A successful exploitation of this vulnerability may result in a full compromise of the targeted server on Windows. On other platforms (Unix, Linux, etc.), the attacker may gain access to the targeted server with the same privileges as the WebLogic server processes. This kind of vulnerability further highlights the need to use "least privilege" as much as possible on operating systems for running sensitive processes and applications.
Oracle is "strongly recommending" that this fix is applied immediately.
Here is the link to Oracle's patch information. And here is the exploit code released by Evgeny Legerov.
It is very rare for Oracle to ship patches outside of its quarterly Critical Patch Update schedule.




