Thursday, August 7, 2008

WebLogic Server Apps - SECURITY ALERT

Oracle released a revision of the July 28 Security Alert for CVE-2008-3257 on August 4, 2008. This advisory addresses an exploit that has become publicly available which may impact the availability, confidentiality or integrity of WebLogic Server applications which use the Apache web server configured with the WebLogic plug-in for Apache. We strongly suggest that you read the advisories posted here.
An email communication was sent to all customers announcing the Security Alert on August 4.
Information for downloading the patches was made available at https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html.



Security Alert for this issue is also posted at “Oracle Critical Patch Updates and Security Alerts” page (under the “Security Alerts” section). Please note that Security Advisories Notifications page for BEA products is moved here

If you have any questions or have a need to verify the authenticity of this message, please contact your local Oracle Customer Support Center for BEA products or mail to: support@bea.com.

Additional CPU Program information is available here.
Security Alerts and Critical Patch Updates -- Frequently Asked Questions.

No comments:

Official, Youbetcha Legalese

This blog is provided for information purposes only and the contents hereof are subject to change without notice. This blog contains links to articles, sites, blogs, that are created by entities other than Oracle. These links may contain advice, information, and opinion that is incorrect or untested. This blog, links, and other materials contained or referenced in this blog are not warranted to be error-free, nor are they subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this blog, links and other materials contained or referenced in this blog, and no contractual obligations are formed either directly or indirectly by this blog, link or other materials. This blog may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. The opinions and recommendations contained in this blog(including links) do not represent the position of Oracle Corporation.

Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.