Dated: September 21, 2001 This message is in response to the Bugtraq posting "Path disclosure vulnerability in Oracle 9i and 8i Application Server" dated September 17, 2001 (bid 3341). Patch and workaround information for the potential security vulnerability mentioned in bid 3341 has already been posted on Bugtraq (bids 2286 and 2288) and on the Oracle Technology Network at http://otn.oracle.com/deploy/security/alerts.htm under "Oracle JSP Execution Alerts". Please apply patches as indicated or follow the appropriate workarounds. Regards, Oracle Security Alerts
