Oracle issued an emergency patch for its WebLogic Server almost two weeks
after a white-hat hacker disclosed a vulnerability that allows criminals to
remotely execute commands on the webserver with no authentication necessary.
The vulnerability in the Node Manager component of Oracle WebLogic Server can
be exploited by carrying out commands over a network without requiring a
username and password, Oracle warned late last week. The company went through
the unusual step of issuing a patch outside its normal update cycle.
