Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_RDBMS_CPU_APR_2011.NASL
HistoryMay 13, 2011 - 12:00 a.m.

Oracle Database Multiple Vulnerabilities (April 2011 CPU)

2011-05-1300:00:00
This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
JSON

The remote Oracle database server is missing the April 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

  • Oracle Warehouse Builder (CVE-2011-0792, CVE-2011-0799)

  • Oracle Security Service (CVE-2009-3555)

  • Application Service Level Management (CVE-2011-0787)

  • Network Foundation (CVE-2011-0806)

  • Oracle Help (CVE-2011-0785)

  • UIX (CVE-2011-0805)

  • Database Vault (CVE-2011-0793, CVE-2011-0804)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(53897);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2009-3555",
    "CVE-2011-0785",
    "CVE-2011-0787",
    "CVE-2011-0792",
    "CVE-2011-0793",
    "CVE-2011-0799",
    "CVE-2011-0804",
    "CVE-2011-0805",
    "CVE-2011-0806"
  );
  script_bugtraq_id(
    47429,
    47430,
    47431,
    47432,
    47436,
    47441,
    47443,
    47451
  );

  script_name(english:"Oracle Database Multiple Vulnerabilities (April 2011 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle database server is missing the April 2011 Critical
Patch Update (CPU) and therefore is potentially affected by security
issues in the following components :

  - Oracle Warehouse Builder (CVE-2011-0792, CVE-2011-0799)

  - Oracle Security Service (CVE-2009-3555)

  - Application Service Level Management (CVE-2011-0787)

  - Network Foundation (CVE-2011-0806)

  - Oracle Help (CVE-2011-0785)

  - UIX (CVE-2011-0805)

  - Database Vault (CVE-2011-0793, CVE-2011-0804)");
  # https://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?93e12960");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2011 Oracle
Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(310);

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/04/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/13");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

################################################################################
# APR2011
patches = make_nested_array();

# RDBMS 11.1.0.7
patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.7", "CPU", "11724999, 11724936");
patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.38", "CPU", "11741169");
patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.38", "CPU", "11741170");
# RDBMS 11.2.0.2
patches["11.2.0.2"]["db"]["nix"] = make_array("patch_level", "11.2.0.2.2", "CPU", "11724984, 11724916");
patches["11.2.0.2"]["db"]["win32"] = make_array("patch_level", "11.2.0.2.4", "CPU", "11896290");
patches["11.2.0.2"]["db"]["win64"] = make_array("patch_level", "11.2.0.2.4", "CPU", "11896292");
# RDBMS 11.2.0.1
patches["11.2.0.1"]["db"]["nix"] = make_array("patch_level", "11.2.0.1.5", "CPU", "11724991, 11724930");
patches["11.2.0.1"]["db"]["win32"] = make_array("patch_level", "11.2.0.1.11", "CPU", "11883240");
patches["11.2.0.1"]["db"]["win64"] = make_array("patch_level", "11.2.0.1.11", "CPU", "11731176");
# RDBMS 10.1.0.5
patches["10.1.0.5"]["db"]["nix"] = make_array("patch_level", "10.1.0.5.21", "CPU", "11725035");
patches["10.1.0.5"]["db"]["win32"] = make_array("patch_level", "10.1.0.5.41", "CPU", "11731119");
# RDBMS 10.2.0.5
patches["10.2.0.5"]["db"]["nix"] = make_array("patch_level", "10.2.0.5.3", "CPU", "11725006, 11724962");
patches["10.2.0.5"]["db"]["win32"] = make_array("patch_level", "10.2.0.5.8", "CPU", "12328268");
patches["10.2.0.5"]["db"]["win64"] = make_array("patch_level", "10.2.0.5.8", "CPU", "12328269");
# RDBMS 10.2.0.4
patches["10.2.0.4"]["db"]["nix"] = make_array("patch_level", "10.2.0.4.8", "CPU", "11725015, 11724977");
patches["10.2.0.4"]["db"]["win32"] = make_array("patch_level", "10.2.0.4.44", "CPU", "12328501");
patches["10.2.0.4"]["db"]["win64"] = make_array("patch_level", "10.2.0.4.44", "CPU", "12328503");

check_oracle_database(patches:patches, high_risk:TRUE);
VendorProductVersionCPE
oracledatabase_servercpe:/a:oracle:database_server

Related

securityvulns 11
cve 9
prion 8
cvelist 8
erpscan 1
openvas 52
fedora 10
redhat 2
debian 4
altlinux 4
nessus 59
suse 1
seebug 4
hackerone 2
ubuntu 5
mozilla 1
saint 4
slackware 1
oraclelinux 1
centos 2
cisco 1
checkpoint_advisories 4
veracode 1
fortinet 1
ibm 1
github 1
nginx 1
securityvulns
securityvulns
TeamSHATTER Security Advisory: XSS in locale parameter on IASTOP_CS_FARM_PAGE.html
2011-05-02 00:00:00
TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU
2011-05-02 00:00:00
TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU
2011-05-04 00:00:00
cve
cve
CVE-2011-0785
2011-04-20 03:14:00
CVE-2011-0792
2011-04-20 03:14:00
CVE-2011-0805
2011-04-20 03:14:00
prion
prion
Design/Logic Flaw
2011-04-20 03:14:00
Design/Logic Flaw
2011-04-20 03:14:00
Design/Logic Flaw
2011-04-20 03:14:00
cvelist
cvelist
CVE-2011-0785
2022-10-03 16:15:18
CVE-2011-0805
2022-10-03 16:15:20
CVE-2011-0792
2022-10-03 16:15:18
erpscan
erpscan
Oracle BI — WB_OLAP_AW_SET_SOLVE_ID - privilege escalation
2009-04-20 00:00:00
openvas
openvas
CentOS Update for nspr CESA-2010:0165 centos4 i386
2010-03-31 00:00:00
Fedora Update for nss FEDORA-2010-3905
2010-03-31 00:00:00
Mandriva Update for nss MDVSA-2010:069 (nss)
2010-04-09 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: nss-3.12.6-1.2.fc12
2010-03-12 04:18:37
[SECURITY] Fedora 12 Update: gnutls-2.8.6-2.fc12
2010-06-25 18:15:19
[SECURITY] Fedora 11 Update: nss-3.12.6-1.2.fc11
2010-03-23 02:03:18
redhat
redhat
(RHSA-2010:0164) Moderate: openssl097a security update
2010-03-25 00:00:00
(RHSA-2010:0155) Moderate: java-1.4.2-ibm security and bug fix update
2010-03-17 00:00:00
debian
debian
[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw
2011-01-05 23:20:31
[SECURITY] [DSA-2141-4] New lighttpd packages fix regression
2011-01-12 18:51:18
[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw
2011-01-05 23:20:42
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8l-alt1
2009-11-07 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8l-alt1
2009-11-07 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.8l-alt1
2009-11-07 00:00:00
nessus
nessus
Ubuntu 8.04 LTS : nss vulnerability (USN-927-4)
2010-06-30 00:00:00
Fedora 12 : tomcat-native-1.1.18-1.fc12 (2009-12229)
2009-12-18 00:00:00
HP System Management Homepage < 6.1.0.102 / 6.1.0-103 Multiple Vulnerabilities
2010-05-19 00:00:00
suse
suse
man-in-the-middle attack in openssl
2009-11-18 09:50:39
seebug
seebug
ProFTPD TLS会话重协商明文数据注入漏洞
2009-12-15 00:00:00
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
2009-11-10 00:00:00
TLS Renegotiation Vulnerability PoC Exploit
2009-12-21 00:00:00
hackerone
hackerone
LocalTapiola: Secure Client-Initiated Renegotiation
2017-12-27 15:57:52
Slack: TLS1/SSLv3 Renegotiation Vulnerability
2014-04-02 13:01:00
ubuntu
ubuntu
Apache vulnerability
2010-09-21 00:00:00
NSS vulnerability
2010-04-09 00:00:00
NSS vulnerability
2010-07-23 00:00:00
mozilla
mozilla
Update NSS to support TLS renegotiation indication — Mozilla
2010-03-30 00:00:00
saint
saint
Oracle Warehouse Builder SQL Injection
2011-08-01 00:00:00
Oracle Warehouse Builder SQL Injection
2011-08-01 00:00:00
Oracle Warehouse Builder SQL Injection
2011-08-01 00:00:00
slackware
slackware
openssl
2009-11-16 13:42:36
oraclelinux
oraclelinux
openssl097a security update
2010-03-25 00:00:00
centos
centos
openssl097a security update
2010-03-27 17:44:36
nspr, nss security update
2010-03-28 15:36:50
cisco
cisco
Transport Layer Security Renegotiation Vulnerability
2009-11-09 13:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE Multiple SQL Injections (CVE-2011-0799)
2012-01-31 00:00:00
Oracle Warehouse Builder WB_OLAP_AW_REMOVE_SOLVE_ID SQL Injection (CVE-2011-0799)
2012-01-31 00:00:00
Preemptive Protection against TLS and SSL Spoofing Vulnerability
2010-02-09 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:36:56
fortinet
fortinet
FortiOS SSL Deep-Inspection possible Insecure Renegotiation
2017-11-03 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities have been identified in IBM Tivoli Netcool/OMNIbus Probe for Network Node Manager i (CVE-2009-3555)
2020-06-23 08:41:14
github
github
Apache Tomcat affected by vulnerability in TLS and SSL protocol
2022-05-02 03:46:22
nginx
nginx
The renegotiation vulnerability in SSL protocol
2009-11-09 17:30:00
JSON
Related for ORACLE_RDBMS_CPU_APR_2011.NASL
securityvulns11cve9prion8cvelist8erpscan1openvas52fedora10redhat2debian4altlinux4nessus59suse1seebug4hackerone2ubuntu5mozilla1saint4slackware1oraclelinux1centos2cisco1checkpoint_advisories4veracode1fortinet1ibm1github1nginx1