Strix
26.1K

CVE-2006-5340

UnknownEPSS 3.84%

Last modified

CVE-2006-5340 is a vulnerability of currently unknown severity. Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package.. EPSS estimates a 3.84% chance of exploitation in the next 30 days.

Description

Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package.

Metrics

EPSS Probability
3.84%

88.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
OracleDatabase Server8.1.7.4
OracleDatabase Server9.0.1.5
OracleDatabase Server9.2.0.7
OracleDatabase Server10.1.0.5
OracleDatabase Server10.2.0.2

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2006-5340?
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package.
How severe is CVE-2006-5340?
Severity scoring for CVE-2006-5340 is pending analysis. The EPSS model estimates a 3.84% probability of exploitation in the next 30 days.
How do I fix CVE-2006-5340?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-5340?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST