Oracle: Security flaw could bring down app servers

Oracle has issued an emergency patch to fix a vulnerability it says could bring down HTTP application servers it sells that are based on Apache 2.0 or 2.2.

Attackers can exploit the weakness remotely without a username or password, Oracle said in a security alert issued Thursday.

Products impacted by the bug include Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0 and 11.1.1.5.0; Oracle Application Server 10g Release 3, version 10.1.3.5.0; and Oracle Application Server 10g Release 2, version 10.1.2.3.0.

More