The Oracle Corporation has now roll out a patch a critical flaw filling level 10 (the utmost level in Oracle) existing in the Node Manager as well as WebLogic Server which offers access to the server without needing a password or else login.

In desperate times...

It is not customary for the firm released a patch that way. Generally, the firm released a series of updates every three months, which makes us say that the fault must be very serious and administrators are encouraged to take the necessary measures.

Scope of the problem and solutions

According to Oracle, Unix and Linux versions of WebLogic Server 9.0 are less affected than the Windows version, but anyway, the firm of Larry Elison recommends installing this patch soon, and updates published in January last.

It is also advisable to restricted access to the port used by Node Manager to only a trusted subnet has access. The update can be downloaded from the Oracle site.