Security Vulnerability in Oracle9i Application and Database Servers

February 20, 2004

[From Oracle Technology Network]

A potential security vulnerability has been discovered in Oracle9i Application Server and Oracle9i Database Server. The vulnerability involves the processing of SOAP (Simple Object Access Protocol) messages whose XML contains carefully constructed Data Type Definitions (DTDs). Note that SOAP is the basis of Web Services that are therefore also affected.

The article continues at http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf