[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-03-31 23:41:15
Message-ID: 4F77961B.1080108 () redhat ! com
[Download RAW message or body]
On 03/31/2012 10:20 AM, Steffen Dettmer wrote:
> Hi,
>
> when using PostgreSQL JDBC driver version 8.1 to connect to a PostgreSQL
> version 9.1 database, escaping of JDBC statement parameters does
> not work and SQL injection attacks are possible.
> Steffen
>
I believe this is covered in the list archives.
http://seclists.org/oss-sec/2012/q1/800
--
Kurt Seifried Red Hat Security Response Team (SRT)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic