Unscheduled Oracle Security Alert for CVE-2010-0073 was released on February 4, 2010. Oracle strongly recommends applying the patches as soon as possible.
This Security Alert addresses a vulnerability in the Node Manager component of Oracle WebLogic Server. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A knowledgeable and malicious remote user can exploit this vulnerability which can result in impacting the availability, integrity and confidentiality of the targeted system.
The Security Alert Advisory is the starting point for relevant information. It includes the list of products affected, a summary of the security vulnerability, and a pointer to obtain the patches. Supported products that are not listed in the “Supported and Affected Products” section of the advisory do not require new patches to be applied.
Also, it is essential to review the Security Alert supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.
The Advisory is available at the following location:
Oracle Critical Patch Updates and Security Alerts: http://www.oracle.com/technology/deploy/security/alerts.htm
Oracle Security Alert CVE-2010-0073: http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html
