Intrusion PreventionOracle.MDSYS.SDO_LRS.Package.SQL.Injection
Description
This indicates a possible exploit of an SQL injection vulnerability in the Oracle Database products, which can be triggered by a crafted call to the MDSYS.SDO_LRS package function convert_to_lrs_layer.
Affected Products
Oracle Pharmaceutical Applications
Oracle PeopleSoft Enterprise Tools
Oracle PeopleSoft Enterprise Portal
Oracle PeopleSoft Enterprise PeopleTools
Oracle Oracle9i Standard Edition
Oracle Oracle9i Enterprise Edition
Oracle Oracle9i Application Server
Oracle Oracle8i Standard Edition
Oracle Oracle8i Enterprise Edition
Oracle Oracle10g Standard Edition
Oracle Oracle10g Enterprise Edition
Oracle Oracle10g Application Server
Oracle OneWorld Tools SP23
Oracle JD Edwards EnterpriseOne
Oracle HTML DB
Oracle E-Business Suite
Oracle Developer Suite
Oracle Collaboration Suite Release
Oracle Application Server Release
Impact
SQL injection
Recommended Actions
Please refer to the following updates or patches:
Oracle HTML DB 1.5
Oracle apex_2.2.1.zip
Oracle HTML DB 1.6.1
Oracle apex_2.2.1.zip
Oracle HTML DB 2.0
Oracle apex_2.2.1.zip
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 13649 |
| Created | Dec 03, 2006 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2006-5340 |
| Exploit Prediction Score | 85.02% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux |
| Affected App | Oracle |