Oracle recommends immediate patching to fix multiple vulnerabilities in the Oracle Web Cache. Oracle declined to provide details, but failure to fix the problems could allow malicious remote exploitation.
Oracle is warning users that Oracle Web Cache contains multiple vulnerabilities, due to errors in handling client requests. For the remote exploit to work, Web Cache must be running and listening for client requests on the Oracle Application Server Web Cache listener port. The type of origin Web server (for example, Oracle HTTP Server or Apache) doesn't matter. However, it isn't possible to exploit the vulnerabilities if the client request bypasses Web Cache and is sent directly to the origin Web server. Oracle notes that typical default installations of Oracle Application Server include Web Cache. Web Cache may also be installed standalone.
Oracle warns that the risk of exposure is high and that firewalls don't protect against these vulnerabilities. There is no workaround for this problem. Oracle suggests restricting or carefully monitoring access to Web Cache until patches can be applied.