Oracle releases emergency patch

Oracle has released a patch for a server flaw that can be exploited over a network without the use of a username or password.

Oracle has released a patch for a server flaw that can be exploited over a network without the use of a username or password.

The patch addresses a vulnerability in the Node Manager component of Oracle WebLogic Server, and affects the latest versions of the software, Oracle said in an advisory on Thursday.

It is highly unusual for Oracle to release an out-of-band patch for a critical flaw, as the company usually prefers to release critical patch updates every three months.

On Windows versions of WebLogic Server 9.0 and later, the flaw has a maximum Common Vulnerability Scoring System (CVSS) score of 10, according to the Oracle advisory. Linux and Unix versions were given a lower CVSS score due to the lower impact of the vulnerability on those systems.

For more on this story, read Oracle releases out-of-band patch for server hole on ZDNet UK.