CVE-2004-1339
Last modified
CVE-2004-1339 is a vulnerability of currently unknown severity. SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.. EPSS estimates a 1.48% chance of exploitation in the next 30 days.
Description
SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Oracle | Database Server | 10.2.1 | R2 |
| Oracle | Oracle9i | 9.0 | — |
| Oracle | Oracle9i | 9.0.1 | — |
| Oracle | Oracle9i | 9.0.1.2 | — |
| Oracle | Oracle9i | 9.0.1.3 | — |
| Oracle | Oracle9i | 9.0.1.4 | — |
| Oracle | Oracle9i | 9.0.2 | — |
| Oracle | Oracle9i | 9.0.2.0.0 | — |
| Oracle | Oracle9i | 9.0.2.0.1 | — |
| Oracle | Oracle9i | 9.0.2.1 | — |
| Oracle | Oracle9i | 9.0.2.2 | — |
| Oracle | Oracle9i | 9.0.2.3 | — |
| Oracle | Oracle9i | 9.2.0.1 | — |
| Oracle | Oracle9i | 9.2.0.2 | — |
References
- http://www.ngssoftware.com/advisories/oracle23122004I.txtPatch, Vendor Advisory
- http://www.ngssoftware.com/advisories/oracle23122004I.txtPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2004-1339?
How severe is CVE-2004-1339?
How do I fix CVE-2004-1339?
Are you affected by CVE-2004-1339?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST