Vulnerabilities > CVE-2001-0126 - Unspecified vulnerability in Oracle Oracle8I 8.1.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Databases |
| NASL id | ORACLE_XSQL.NASL |
| description | The Oracle XSQL Servlet allows arbitrary Java code to be executed by an attacker by supplying the URL of a malicious XSLT stylesheet when making a request to an XSQL page. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10594 |
| published | 2001-01-22 |
| reporter | This script is Copyright (C) 2001-2018 Matt Moore |
| source | https://www.tenable.com/plugins/nessus/10594 |
| title | Oracle Application Server XSQL Stylesheet Arbitrary Java Code Execution |