Oracle has released an emergency patch for the serious flaw in its WebLogic server, which it warned users about in a rare security alert last week.
Administrators should not apply the work-arounds the company previously recommended, but instead should apply the patch, Oracle said.
The vulnerability lies in the Apache plugin for the Oracle WebLogic Server and Express products (formerly known as BEA WebLogic), both application servers.
The flaw can be remotely exploited and result in an attack that can compromise "the confidentiality, integrity and availability of the targeted system," according to the company's advisory.
The flaw was given a 10.0 score - the most serious rating - on the CVSS scale (Common Vulnerability Scoring System), a framework used to evaluate the risks of a particular flaw.
In the three years since Oracle started a regular patch cycle, the Apache plugin flaw is the first one to cause the company to release an off-cycle warning.