|
|
A potential security vulnerability in Oracle XSQL Servlet has been discovered when using
stylesheets as URL parameters which permits the execution of arbitrary Java code on the Oracle
8.1.7.0.0 database server with elevated privileges. This vulnerability was discovered in Oracle8i, Release 8.1.7.0.0, Enterprise Edition running Oracle Internet Application Server (iAS) and XSQL Servlet, Release 1.0.0.0, on MS Windows 2000. It also exists in XSQL releases 1.0.1.0 to 1.0.3.0 on all platforms.
|