Oracle Issues Out-of-cycle Patch for Flaw

Oracle has released an emergency patch for a flaw that was the subject of a rare security alert from the company last week.

Administrators should apply the patch and should not apply the work-arounds the company previously recommended, Oracle said.

The vulnerability lies in the Apache plugin for the Oracle WebLogic Server and Express products (formerly known as BEA WebLogic), both application servers.

The flaw can be remotely exploited and result in an attack that can compromise "the confidentiality, integrity and availability of the targeted system," according to the company's advisory.

The flaw was given a 10.0 score -- the most serious rating -- on the CVSS scale (Common Vulnerability Scoring System), a framework used to evaluate the risks of a particular flaw.

In the three years since Oracle started a regular patch cycle, the Apache plugin flaw is the first one to cause the company to release an off-cycle warning.
