CVE-2004-1339

Name of the Vulnerable Software and Affected Versions: Oracle versions prior to the fixed version

Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the new.table name or new.column name parameters in the default triggers MDSYS.SDO GEOM TRIG INS1 and MDSYS.SDO LRS TRIG INS.

Recommendations: For Oracle versions prior to the fixed version, consider restricting access to the MDSYS.SDO GEOM TRIG INS1 and MDSYS.SDO LRS TRIG INS default triggers until a patch is available. Avoid using the new.table name and new.column name parameters in these triggers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.