Oracle WebLogic Server - Serious Zero Day (exploitable w/o authentication)
Companies using Oracle's WebLogic Server should apply the protective workaround quickly to address this serious security exposure.
http://isc.sans.org/diary.html?storyid=4798
http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html
QUOTE: Oracle has released an emergency workaround that corrects a 0-day flaw in WebLogic Server and WebLogic Express, specifically with the Apache Connector, which is remotely exploitable without authentication.
Supported Products and Components Affected
• Oracle WebLogic Server 10.0 released through MP1
• Oracle WebLogic Server 9.0, 9.1, 9.2 released through MP3
• Oracle WebLogic Server 8.1 released through SP6
• Oracle WebLogic Server 7.0 released through SP7
• Oracle WebLogic Server 6.1 released through SP7
Patch Availability: Fixes for this vulnerability will be made available as soon as testing is completed when an updated version of this document will be uploaded and email sent to affected customers. Until fixes are available, workarounds described at
https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html