Oracle has released a patch for a critical DDoS vulnerability in its Apache web server platform.
According to an article on the Naked Security blog run by security firm Sophos, this is the 5th time Oracle has been forced to issue an out-of-band update for one of its products.
The patch updates the Apache web server for Oracle's Fusion Middleware and Application Server products.
Sophos explained that the vulnerability, CVE-2011-3192, allows anyone with the right knowledge to initiate a distributed denial of service attack using a single web server. Hackers could exploit the vulnerability by requesting multiple parts of the same file at the same time, forcing the server to process a massive amount of data.
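The pattern described above, many parts of one file requested at once, is carried in the HTTP Range header; CVE-2011-3192 is Apache's byte-range handling bug. The following is an added example, not code from the article, Sophos, Oracle or Apache, of the server-side check a defender can apply to incoming request headers; the 5-range limit follows Apache's published workaround, and the sample headers are constructed for the example.

```python
"""Detection helper for the byte-range flooding pattern of CVE-2011-3192.

Added example, not from the article or from Oracle/Apache. A request whose
Range (or obsolete Request-Range) header names far more byte ranges than any
browser would send makes the server do disproportionate work. Apache's 2011
workaround rejected requests with more than five ranges; this helper applies
the same rule and also treats malformed headers as suspicious.
"""
import re

MAX_RANGES = 5  # limit taken from Apache's published 2011 workaround
_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_ranges(header: str):
    """Return [(first, last), ...] for a 'bytes=' header; None marks an open end.

    'bytes=0-99,200-' -> [(0, 99), (200, None)].  Raises ValueError on
    syntactically invalid input so callers can flag it as well.
    """
    unit, sep, spec = header.strip().partition("=")
    if sep != "=" or unit.strip().lower() != "bytes":
        raise ValueError("unsupported or malformed range unit")
    ranges = []
    for part in spec.split(","):
        m = _RANGE_SPEC.match(part.strip())
        if not m or (m.group(1) == "" and m.group(2) == ""):
            raise ValueError(f"malformed range spec: {part!r}")
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        ranges.append((first, last))
    return ranges


def classify_request(headers: dict, max_ranges: int = MAX_RANGES) -> str:
    """Return 'allow', 'malformed' or 'excessive' for one request's headers.

    Both 'Range' and the legacy 'Request-Range' are checked, because the
    vulnerable code honoured either; header names match case-insensitively.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("range", "request-range"):
        value = lowered.get(name)
        if value is None:
            continue
        try:
            ranges = parse_ranges(value)
        except ValueError:
            return "malformed"
        if len(ranges) > max_ranges:
            return "excessive"
    return "allow"


# Constructed sample headers: a normal resumed download and a range flood.
NORMAL = {"Host": "example.test", "Range": "bytes=1000-"}
FLOOD = {"Host": "example.test",
         "Range": "bytes=" + ",".join(f"0-{i}" for i in range(12))}

if __name__ == "__main__":
    print(classify_request(NORMAL), classify_request(FLOOD))  # allow excessive
```

A web application firewall or reverse proxy would return 416 or 403 for `excessive` and `malformed`, and log the client address for rate limiting.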
“However conservative you might be, if you're an Oracle user, this patch is definitely recommended in a hurry. The general unwillingness of Oracle to deviate from its once-every-three-months patch cycle spells one word: 'Importance.'” Sophos advises, emphasising the necessity of the patch.
The Apache Software Foundation had already released an update for the flaw, which was later followed by a second update that improved on the first.