oss-sec mailing list archives

Re: SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver


From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 31 Mar 2012 17:41:15 -0600

On 03/31/2012 10:20 AM, Steffen Dettmer wrote:
> Hi,
>
> when using PostgreSQL JDBC driver version 8.1 to connect to a PostgreSQL
> version 9.1 database, escaping of JDBC statement parameters does
> not work and SQL injection attacks are possible.
>
> Steffen

I believe this is covered in the list archives.

http://seclists.org/oss-sec/2012/q1/800

-- 
Kurt Seifried Red Hat Security Response Team (SRT)

