Oracle issued a Security Alert that address a vulnerability in the Node Manager component of Oracle WebLogic Server (CVE-2010-0073).
According to Oracle, "This vulnerability may be remotely exploitable without authentication. A knowledgeable and malicious remote user can exploit this vulnerability which can result in impacting the availability, integrity and confidentiality of the targeted system." Oracle strongly recommends testing and apply this fix as soon as possible. Additional information is available here.
The list of affected product:
Oracle WebLogic Server 11gR1 releases (10.3.1 and 10.3.2)
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
Feb 6th 2010
7 years ago