Oracle urges WebLogic users to apply Apache workaround

Oracle is working to develop a patch for a major security hole in its WebLogic product that could allow anyone to gain access to affected IT systems. It has recommended that users deploy a workaround in the meantime to protect systems, while it develops a permanent patch.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

The company issued a security alert after the hole in WebLogic was revealed to internet users. The vulnerability affects the Apache Connector component (mod_weblogic) of the Oracle Weblogic Server (formerly BEA WebLogic Server). Oracle warned that this vulnerability could be remotely exploited without authentication, which means a hacker could gain access to the server without a username and password.

As an interim step, until it releases the patch, Oracle has published a workaround, which reconfigures the Apache component to reject invalid data.

Misconfiguration in application server software can often lead to lower levels of security, which makes the server open to hacking attacks. Research from enterprise application security specialist Fortify' revealed that certain configurations of Apache Axis, Apache Axis 2, IBM WebSphere 6.1 and Microsoft .NET Web Services Enhancements (WSE) 2.0 and Microsoft Windows Communication Foundation (WCF), adversely affect security. Poor configuration could lead to weak authentication and weak encryption, Fortify warned.