Hi, this is Eric Maurice again.
Oracle today issued an updated Security Alert related to the previously reported vulnerability CVE-2008-3257. The purpose of this updated Security Alert is to let WebLogic customers know about the immediate availability of the fixes on all supported platform and version combinations.
As we reported a week ago, Oracle felt that the nature of this vulnerability, which affected the Apache plugin for Oracle WebLogic, along with its publication in various public forums, and the availability of exploit code, warranted the issuance of an out-of-cycle patch. While this patch will also be included in the upcoming Critical Patch Update (scheduled for October 14, 2008), we recommend that customers apply the current patch as soon as possible, even if they have implemented the recommended workarounds.
For More Information:
The Security Alert for this vulnerability is posted on http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html
Oracle Software Security Assurance web site is located at: http://www.oracle.com/security/software-security-assurance.html
Critical Patch Updates & Security Alerts web site is located at: http://www.oracle.com/technology/deploy/security/alerts.htm
