To the httpd.conf file and restarting Apache. If URL's have to be longer than 4000 bytes then mod_security can also be considered.
Eric Maurice has also released a note on his blog titled "Security Alert for CVE-2008-3257 Released" with more details. Oracle's own advisory is titled "Oracle Security Alert for CVE-2008-3257". There is also a news item over on E-Week Oracle Sounds Alert Over Unpatched WebLogic Server Flaw:
"Hackers have released exploit codes for an unpatched flaw affecting the Apache plug-in for Oracle's WebLogic Server. While Oracle prepares a patch for the vulnerability, it has provided information on workarounds to help ensure enterprise security.
Oracle officials are issuing a red alert regarding a flaw affecting the Apache plug-in for Oracle WebLogic after exploit codes for the vulnerability were posted in public forums."