Apacheのプラグインに認証なしに攻撃が可能な脆弱性だそうです。

すでに攻撃コードが出ているとのこと。

Recently an exploit has become publicly available which may impact the availability, confidentiality or integrity of WebLogic Server applications which use the Apache web server configured with the WebLogic plug-in for Apache. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. This note provides information for workarounds for this vulnerability.

A subsequent revision of this note will be issued with information on how to obtain an updated version of the Apache plug-in to remedy this issue without the use of workarounds. This revision will be issued after testing has been completed on that updated plug-in.

Oracle Fusion Middleware

関連記事

• US-CERT Current Activity
• 臨時で公開：WebLogicに極めて深刻な脆弱性、Oracleが異例のアラート - ITmedia エンタープライズ
• SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
• WebLogicに深刻なぜい弱性、認証なしでファイルを見られる恐れ：ITpro