[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] insecure xslt
http://metasploit.com/research/vulns/google_proxystylesheet/ A security hole in the google search appliance is xslt based, basically from what I've seen of the appliance this is something that an administrator should be able to fix themselves. But if one can't go through all the configuration possibilities there is a patch. I was not aware that the stylesheet engine was oracle based as is indicated here though, one of the things that I had assumed from talks with google support was that theirs was not a complete xslt 1.0 implementation - based on my asking for document function support and being told that it supported all the functions that it needed to do its job - which sounded like a no to me.
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|