Oracle issued an advisory regarding a critical security problem in its WebLogic Server. If you're using the platform, then you need to implement a workaround to gain the necessary protection.

You can either configure the server's LimitRequestLine parameter to 4,000 since you probably won't need to use URLs that are longer than 4,000 bytes. Or, you can integrate mod_security for defense. The former is easier of course since mod_security is relatively complex. But for better all-around protection mod_security is the obvious solution.