Critical patch for BEA Weblogic on Oracle patch day
Oracle's quarterly Critical Patch Update (CPU) is once again generating a fair amount of work for database administrators. 15 patches with a top CVSS score of 6.5 out of 10 affect the Oracle database alone. In addition, there are a number of patches for the Application Server, the E-Business Suite, for Peoplesoft and for BEA.
Critical with a rating of 10 is the patch for WebLogic server plugins for Apache (CVE-2008-4008). This seems to concern another problem in connection with an Apache plugin which is not directly related to the recently published Weblogic problem fixed with an additional patch and also rated at 10 (CVE-2008-3257).
- Oracle Critical Patch Update Advisory - October 2008, overview by Oracle
- Security vulnerability in WebLogic plug-in for Apache, advisory concerning (CVE-2008-4008)