Oracle Corp. plugged a severe flaw in the Apache plug-in for its WebLogic Server and addressed vulnerabilities in more than two dozen other products as part of its quarterly Critical Patch Update. Oracle said its security update contained patches for 36 flaws.
Oracle released six fixes to address vulnerabilities for the former BEA product line. Five of the vulnerabilities could be remotely exploited by an attacker. Eric Maurice, manager of security in Oracle's Global Technology Business Unit, warned customers that the most severe vulnerability was located in the Apache plug-in for Oracle WebLogic Server.
The article continues at http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1334777,00.html