Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_RDBMS_CPU_JAN_2007.NASL
HistoryNov 16, 2011 - 12:00 a.m.

Oracle Database Multiple Vulnerabilities (January 2007 CPU)

2011-11-1600:00:00
This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

0.129 Low

EPSS

Percentile

95.5%

JSON

The remote Oracle database server is missing the January 2007 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

  • Advanced Queuing

  • Advanced Replication

  • Advanced Security Option

  • Change Data Capture

  • Data Guard

  • Export

  • Log Miner

  • NLS Runtime

  • Oracle Net Services

  • Oracle Spatial

  • Oracle Streams

  • Oracle Text

  • Oracle Workflow Cartridge

  • Recovery Manager

  • XMLDB

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(56055);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2007-0268",
    "CVE-2007-0269",
    "CVE-2007-0270",
    "CVE-2007-0271",
    "CVE-2007-0272",
    "CVE-2007-0273",
    "CVE-2007-0274",
    "CVE-2007-0275",
    "CVE-2007-0276",
    "CVE-2007-0277",
    "CVE-2007-0278"
  );
  script_bugtraq_id(22083);

  script_name(english:"Oracle Database Multiple Vulnerabilities (January 2007 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle database server is missing the January 2007
Critical Patch Update (CPU) and therefore is potentially affected by
security issues in the following components :

  - Advanced Queuing

  - Advanced Replication

  - Advanced Security Option

  - Change Data Capture

  - Data Guard

  - Export

  - Log Miner

  - NLS Runtime

  - Oracle Net Services

  - Oracle Spatial

  - Oracle Streams

  - Oracle Text

  - Oracle Workflow Cartridge

  - Recovery Manager

  - XMLDB");
  # https://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11b7e0a4");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2007 Oracle
Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-11-860");
  script_cwe_id(79, 119);

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/01/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/16");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

################################################################################
# JAN2007
patches = make_nested_array();

# RDBMS 10.1.0.4
patches["10.1.0.4"]["db"]["nix"] = make_array("patch_level", "10.1.0.4.8", "CPU", "5689894");
patches["10.1.0.4"]["db"]["win32"] = make_array("patch_level", "10.1.0.4.16", "CPU", "5695771");
# RDBMS 10.1.0.5
patches["10.1.0.5"]["db"]["nix"] = make_array("patch_level", "10.1.0.5.5", "CPU", "5689908");
patches["10.1.0.5"]["db"]["win32"] = make_array("patch_level", "10.1.0.5.11", "CPU", "5716295");
# RDBMS 10.2.0.3
patches["10.2.0.3"]["db"]["nix"] = make_array("patch_level", "10.2.0.3.1", "CPU", "5881721");
patches["10.2.0.3"]["db"]["win32"] = make_array("patch_level", "10.2.0.3.2", "CPU", "5846376");
patches["10.2.0.3"]["db"]["win64"] = make_array("patch_level", "10.2.0.3.2", "CPU", "5846378");
# RDBMS 10.2.0.2
patches["10.2.0.2"]["db"]["nix"] = make_array("patch_level", "10.2.0.2.4", "CPU", "5689957");
patches["10.2.0.2"]["db"]["win32"] = make_array("patch_level", "10.2.0.2.6", "CPU", "5716143");
patches["10.2.0.2"]["db"]["win64"] = make_array("patch_level", "10.2.0.2.6", "CPU", "5699839");
# RDBMS 10.2.0.1
patches["10.2.0.1"]["db"]["nix"] = make_array("patch_level", "10.2.0.1.5", "CPU", "5689937");
patches["10.2.0.1"]["db"]["win32"] = make_array("patch_level", "10.2.0.1.9", "CPU", "5695784");
patches["10.2.0.1"]["db"]["win64"] = make_array("patch_level", "10.2.0.1.9", "CPU", "5695786");
# RDBMS 10.1.0.3
patches["10.1.0.3"]["db"]["nix"] = make_array("patch_level", "10.1.0.3.9", "CPU", "5923277");

check_oracle_database(patches:patches, high_risk:TRUE);
VendorProductVersionCPE
oracledatabase_servercpe:/a:oracle:database_server

Related

securityvulns 4
cvelist 11
nvd 11
cve 11
prion 11
openvas 1
seebug 2
packetstorm 2
exploitdb 1
exploitpack 1
nessus 1
securityvulns
securityvulns
Multiple Orcale security vulnerabilities.... again...
2007-02-01 00:00:00
Oracle Database Buffer overflow vulnerabilities in procedure DBMS_DRS.GET_PROPERTY (DB03)
2007-07-19 00:00:00
Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12)
2007-07-19 00:00:00
cvelist
cvelist
CVE-2007-0271
2007-01-17 02:00:00
CVE-2007-0276
2007-01-17 02:00:00
CVE-2007-0270
2007-01-17 02:00:00
nvd
nvd
CVE-2007-0278
2007-01-17 02:28:00
CVE-2007-0271
2007-01-17 02:28:00
CVE-2007-0274
2007-01-17 02:28:00
cve
cve
CVE-2007-0270
2007-01-17 02:28:00
CVE-2007-0278
2007-01-17 02:28:00
CVE-2007-0276
2007-01-17 02:28:00
prion
prion
Buffer overflow
2007-01-17 02:28:00
Buffer overflow
2007-01-17 02:28:00
Cross site scripting
2007-01-17 02:28:00
openvas
openvas
Oracle Database Server MDSYS.MD Buffer Overflows and Denial of Service Vulnerabilities
2011-12-07 00:00:00
seebug
seebug
Oracle 10g DBMS_AQ.ENQUEUE SQL Injection Exploit
2007-04-03 00:00:00
Oracle HTTP Server - XSS Header Injection
2014-07-01 00:00:00
packetstorm
packetstorm
dbms_aq-enqueue.txt
2007-04-02 00:00:00
Oracle HTTP Server Header Cross Site Scripting
2011-06-14 00:00:00
exploitdb
exploitdb
Oracle HTTP Server - Cross-Site Scripting Header Injection
2011-06-13 00:00:00
exploitpack
exploitpack
Oracle HTTP Server - Cross-Site Scripting Header Injection
2011-06-13 00:00:00
nessus
nessus
Oracle Application Server Multiple Vulnerabilities
2012-01-24 00:00:00

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

0.129 Low

EPSS

Percentile

95.5%

JSON
Related for ORACLE_RDBMS_CPU_JAN_2007.NASL
securityvulns4cvelist11nvd11cve11prion11openvas1seebug2packetstorm2exploitdb1exploitpack1nessus1