Oracle has released an out-of-band patch to fix a gaping security hole in the Oracle WebLogic Node Manager. An attacker could launch remote attacks over a network without the need for a username and password. The patch follows the public release of exploit code as part of the recent Week of Web Server Bugs. Oracle is strongly recommending that this fix is applied immediately. The vulnerability further highlights the need to use least privilege as much as possible.
Source: https://threatpost.com/oracle-ships-critical-out-band-security-patch-020510/73500/