It looks like Oracle isn’t even fixing the issues here, they’re just blacklisting commands. In this case they missed the very next command.
Clive Tyldesley: Goooooooooaaaaaaal!
Gary Taphouse: Actually, an own-goal, Clive!
Earlier this month, Oracle patched a critical vulnerability in its WebLogic server – but someone identifying himself as an Alibaba security researcher reckons Big Red botched the patch. The bug in question was fixed in Oracle's 254-strong quarterly patch-fest that was headlined by Java and Spectre fixes. Tucked way down on …