[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Oracle issues zero-day security alert
By Shaun Nichols in San Francisco
31 Jul 2008
Oracle has posted an alert  for a serious flaw in its WebLogic Server
and Express products.
The issue lies within the Apache Connector component used by both
systems, and attack code is publicly available.
Oracle warned that the attack could be remotely exploited by an attacker
without the need for any authentication information, and could give
control over the targeted system.
The company has not yet issued a patch, but has provided a set of
workarounds to help administrators mitigate the risk. It is currently
working on a patch.
The warning comes just two weeks after Oracle issued a major security
update  which patched 45 vulnerabilities in 23 of its products.
Security firm Sans and the US Computer Emergency Response Team recommend
that administrators read Oracle's advisory and take the suggested
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com