The Oracle 9iAS package includes the XSQL Servlet as part of the XML Development Kit. The servlet can be used to convert the response from an SQL query into XML format. Reportedly, the servlet does not properly enforce file permissions. An attacker may be able to exploit this vulnerability to view sensitive system configuration files, similar to the issues discussed in BID 4290.