Oracle Weblogic Vulnerability

Monday, February 01, 2010: Intevydis has disclosed a Vulneraility affecting Oracle Weblogic 10.3.2; other Versions might also be affected.  The Vulnerability exists in "Node Manager" Utility, an Optional utility that is used to Start and Stop Services Remotely.  This service Listens on T.C.P. Port 5556, and does not require Authentication.  The Vulnerability allows an Attacker to Connect to Port 5556 and Execute Arbitrary Commands.  It is recommended that customers Restrict Access to T.C.P. Port 5556 at Network Perimeters, and, if possible, Dis-Able Node Manager.