Hi Guys

Recently my DSpace server had a security scan, and one of the vulnerabilities
listed is blind SQL injection.

I am using DSpace 1.8 with Tomcat 7.053 and Postgres 9.1.

Can I know if I need to upgrade to resolve the vulnerability issue, or whether
the current configuration is already sufficient to eliminate the risk?

Example of the risk:
http://dspace.***.**/xmlui/handle/get/90/discover using method POST
Parameter query behaves differently with the following payloads:
10' OR '16123'='16123
10' AND '16123'='16124

Koh Kim Boon
Department of Information and Digital Technology (Library Solutions)
500 Dover Road, Singapore 139651
DID: 67721129
Tel: 67721160
Fax: 61121969
Email: koh_kim_b...@sp.edu.sg

_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
