Apache plug-in flaw for WebLogic Server and Express is the first to cause Oracle to release an off-cycle warning Oracle has released an emergency patch for a flaw the company issued a rare security alert for last week.Administrators should not apply the work-arounds the company previously recommended and apply the patch, Oracle said.The vulnerability lies in the Apache plug-in for the Oracle WebLogic Server and Express products (formerly known as BEA WebLogic), both application servers. The flaw can be remotely exploited and result in an attack that can compromise “the confidentiality, integrity and availability of the targeted system,” according to the company’s advisory.The flaw was given a 10.0 score — the most serious rating — on the CVSS scale (Common Vulnerability Scoring System), a framework used to evaluate the risks of a particular flaw.In the three years since Oracle started a regular patch cycle, the Apache plug-in flaw is the first one to cause the company to release an off-cycle warning. SecurityMalwarePatch Management Software