Share
Recommend
Print
E-mail
Comment 
Read this informative brief, prepared by Cascadia Labs, and learn how to ask the right questions to get the right answers when sourcing endpoint security vendors.
Download Now
February 5, 2010, 4:21PM
Oracle Ships Critical Out-of-Band Security Patch
Oracle
has released an out-of-band patch to fix a gaping security hole in the
Oracle WebLogic Node Manager and, warning that an attacker could launch
remote attacks over a network without the need for a username and
password.
The patch follows the public release of exploit code as part of the recent Week of Web Server Bugs.
From Oracle's advisory:
A successful exploitation of this vulnerability may result in a full compromise of the targeted server on Windows. On other platforms (Unix, Linux, etc.), the attacker may gain access to the targeted server with the same privileges as the WebLogic server processes. This kind of vulnerability further highlights the need to use "least privilege" as much as possible on operating systems for running sensitive processes and applications.
Oracle is "strongly recommending" that this fix is applied immediately.
Here is the link to Oracle's patch information. And here is the exploit code released by Evgeny Legerov.
It is very rare for Oracle to ship patches outside of its quarterly Critical Patch Update schedule.
Recommended Reads
Shorten URL: http://threatpost.com/en_us/3Ed. Click to copy to clipboard or post to Twitter
Threatpost Newsletter
Featured Slideshows
Take Our Poll
Threatpost Content as You Like It
 |
 |
 |
| Become a fan on | Follow us on | Sign-up for our Newsletter |
Comments
Post new comment