|
Oracle - SQL Injection in package SDO_IDX [DB07]=0D =0D Systems Affected 9i Rel. 1 - 11g Rel. 1=0D Severity High Risk=0D Category SQL Injection=0D Vendor URL http://www.oracle.com/=0D Author Alexander Kornbrust=0D Advisory 16 April 2008 (V 1.00)=0D Advisory URL http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_idx.html=0D =0D Details=0D The package SDO_IDX is vulnerable against SQL injection.=0D =0D =0D Patch Information=0D Apply the patches for Oracle CPU April 2008.=0D =0D =0D History=0D 6-jun-2007 Oracle secalert was informed=0D 15-apr-2008 Oracle published CPU April 2008 [DB07]=0D 16-apr-2008 Advisory published=0D =0D =0D =A9 2008 by Red-Database-Security GmbH=0D http://www.red-database-security.com