Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_RDBMS_CPU_APR_2012.NASL
HistoryApr 19, 2012 - 12:00 a.m.

Oracle Database Multiple Vulnerabilities (April 2012 CPU)

2012-04-1900:00:00
This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
48
JSON

The remote Oracle database server is missing the April 2012 Critical Patch Update (CPU) and is, therefore, potentially affected by security issues in the following components :

  • Core RDBMS

  • Oracle Spatial

  • OCI

  • Enterprise Manager Base Platform

  • Application Express

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(58798);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2012-0510",
    "CVE-2012-0511",
    "CVE-2012-0512",
    "CVE-2012-0519",
    "CVE-2012-0520",
    "CVE-2012-0525",
    "CVE-2012-0526",
    "CVE-2012-0527",
    "CVE-2012-0528",
    "CVE-2012-0534",
    "CVE-2012-0552",
    "CVE-2012-1708"
  );
  script_bugtraq_id(
    53063,
    53072,
    53076,
    53081,
    53084,
    53089,
    53090,
    53092,
    53093,
    53097,
    53101,
    53104
  );

  script_name(english:"Oracle Database Multiple Vulnerabilities (April 2012 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle database server is missing the April 2012 Critical
Patch Update (CPU) and is, therefore, potentially affected by security
issues in the following components :

  - Core RDBMS

  - Oracle Spatial

  - OCI

  - Enterprise Manager Base Platform

  - Application Express");
  # https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-sql-injection-in-oracle-enterprise-manager-searchpage-web-page/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b9e3b595");
  # https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-http-response-splitting-in-oem-prevpage/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a38b382b");
  # https://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83822adc");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2012 Oracle
Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/19");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

################################################################################
# APR2012
patches = make_nested_array();

# RDBMS 11.1.0.7
patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.11", "CPU", "13632731, 13621679");
patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.45", "CPU", "13715809");
patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.45", "CPU", "13715810");
# RDBMS 11.2.0.2
patches["11.2.0.2"]["db"]["nix"] = make_array("patch_level", "11.2.0.2.6", "CPU", "13632725, 13696224");
patches["11.2.0.2"]["db"]["win32"] = make_array("patch_level", "11.2.0.2.17", "CPU", "13697073");
patches["11.2.0.2"]["db"]["win64"] = make_array("patch_level", "11.2.0.2.17", "CPU", "13697074");
# RDBMS 11.2.0.3
patches["11.2.0.3"]["db"]["nix"] = make_array("patch_level", "11.2.0.3.2", "CPU", "13632717, 13696216");
patches["11.2.0.3"]["db"]["win32"] = make_array("patch_level", "11.2.0.3.5", "CPU", "13885388");
patches["11.2.0.3"]["db"]["win64"] = make_array("patch_level", "11.2.0.3.5", "CPU", "13885389");
# RDBMS 10.2.0.5
patches["10.2.0.5"]["db"]["nix"] = make_array("patch_level", "10.2.0.5.7", "CPU", "13632738, 13632743");
patches["10.2.0.5"]["db"]["win32"] = make_array("patch_level", "10.2.0.5.15", "CPU", "13654814");
patches["10.2.0.5"]["db"]["win64"] = make_array("patch_level", "10.2.0.5.15", "CPU", "13654815");
# RDBMS 10.2.0.4
patches["10.2.0.4"]["db"]["nix"] = make_array("patch_level", "10.2.0.4.12", "CPU", "12879926, 12879933");
patches["10.2.0.4"]["db"]["win32"] = make_array("patch_level", "10.2.0.4.49", "CPU", "13928775");
patches["10.2.0.4"]["db"]["win64"] = make_array("patch_level", "10.2.0.4.49", "CPU", "13928776");

check_oracle_database(patches:patches, high_risk:TRUE);
VendorProductVersionCPE
oracledatabase_servercpe:/a:oracle:database_server

Related

threatpost 1
suse 1
prion 12
cve 12
securityvulns 10
packetstorm 2
nessus 1
oracle 1
ics 1
threatpost
threatpost
Oracle Patches 88 Vulnerabilities, Including Some that Allow Remote Exploits Without Authentication
2012-04-19 02:20:35
suse
suse
Security update for oracle-update (important)
2012-08-22 17:08:38
prion
prion
Design/Logic Flaw
2012-05-03 17:55:00
Design/Logic Flaw
2012-05-03 17:55:00
Design/Logic Flaw
2012-05-03 17:55:00
cve
cve
CVE-2012-0526
2012-05-03 17:55:00
CVE-2012-0527
2012-05-03 17:55:00
CVE-2012-0528
2012-05-03 17:55:00
securityvulns
securityvulns
Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0511)
2012-04-22 00:00:00
HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526)
2012-04-22 00:00:00
OCIPasswordChange API leaks information of password hash (CVE-2012-0511)
2012-04-22 00:00:00
packetstorm
packetstorm
Oracle Enterprise Manager searchPage SQL Injection
2012-04-19 00:00:00
Oracle Enterprise Manager compareWizFirstConfig SQL injection
2012-04-19 00:00:00
nessus
nessus
Oracle Application Express (Apex) CVE-2012-1708
2013-02-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2012
2012-07-19 00:00:00
ics
ics
Philips Vue PACS (Update C)
2023-02-21 12:00:00
JSON
Related for ORACLE_RDBMS_CPU_APR_2012.NASL
threatpost1suse1prion12cve12securityvulns10packetstorm2nessus1oracle1ics1