'Re: [oss-security] SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-03-31 23:41:15
Message-ID: 4F77961B.1080108 () redhat ! com
[Download RAW message or body]

On 03/31/2012 10:20 AM, Steffen Dettmer wrote:
> Hi,
> 
> when using PostgreSQL JDBC driver version 8.1 to connect to a PostgreSQL
> version 9.1 database, escaping of JDBC statement parameters does
> not work and SQL injection attacks are possible.

> Steffen
> 

I believe this is covered in the list archives.

http://seclists.org/oss-sec/2012/q1/800

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic