Response to "Path disclosure vulnerability in Oracle 9i and 8i Application Server"

[Oracle Security Alerts <secalert_us () oracle com>]

Dated: September 21, 2001

This message is in response to the Bugtraq posting "Path disclosure
vulnerability in Oracle 9i and 8i Application Server" dated September
17, 2001 (bid 3341).

Patch and workaround information for the potential security
vulnerability mentioned in bid 3341 has already been posted on Bugtraq
(bids 2286 and 2288) and on the Oracle Technology Network at
http://otn.oracle.com/deploy/security/alerts.htm under "Oracle JSP
Execution Alerts". Please apply patches as indicated or follow the
appropriate workarounds.

Regards,
Oracle Security Alerts