Oracle sounds alarm over serious WebLogic flaw

Oracle has posted a security warning about a vulnerability in the Apache component of its WebLogic Server, even though it doesn't have a patch ready yet. It's taken the rare step of making an out-of-cycle security alert because information on the flaw and exploit code for it are already circulating online, it said in a statement on Monday.

Oracle has posted a security warning about a vulnerability in the Apache component of its WebLogic Server, even though it doesn't have a patch ready yet. It's taken the rare step of making an out-of-cycle security alert because information on the flaw and exploit code for it are already circulating online, it said in a statement on Monday.

Adding to the risk is that the flaw can be exploited over a network without authentication, which means an attacker doesn't need to know a valid username or password.

The software maker says it will release an unscheduled patch as soon as it has a fix, and is urging customers to use its recommended workaround until then.