CVE-2009-1991

Name of the Vulnerable Software and Affected Versions: Oracle Database versions 9.2.0.8 through 10.2.0.4

Description: The issue affects confidentiality and integrity, and is related to CTXSYS.DRVXTABC. It may be related to SQL injection vulnerabilities via the idx owner or idx name parameters to the create tables procedure.

Recommendations: For Oracle Database versions 9.2.0.8 through 10.2.0.4, consider restricting access to the create tables procedure to minimize the risk of exploitation, and avoid using the idx owner and idx name parameters until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.