Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_RDBMS_CPU_JUL_2011.NASL
HistoryJul 20, 2011 - 12:00 a.m.

Oracle Database Multiple Vulnerabilities (July 2011 CPU)

2011-07-2000:00:00
This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

The remote Oracle database server is missing the July 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

  • Core RDBMS (CVE-2011-0832, CVE-2011-0835, CVE-2011-0838, CVE-2011-0880, CVE-2011-2230, CVE-2011-2239, CVE-2011-2243, CVE-2011-2253)

  • Content Management (CVE-2011-0882)

  • Database Target Type Menus (CVE-2011-2257)

  • SQL Performance Advisories/UIs (CVE-2011-2248)

  • Schema Management (CVE-2011-0870)

  • Security Framework (CVE-2011-0848, CVE-2011-2244)

  • Security Management (CVE-2011-0852)

  • Streams, AQ & Replication Management (CVE-2011-0822)

  • XML Developer Kit (CVE-2011-2231, CVE-2011-2232)

  • CMDB Metadata & Instance APIs (CVE-2011-0816)

  • EMCTL (CVE-2011-0875, CVE-2011-0881)

  • Enterprise Config Management (CVE-2011-0811, CVE-2011-0831)

  • Enterprise Manager Console (CVE-2011-0876)

  • Event Management (CVE-2011-0830)

  • Instance Management (CVE-2011-0877, CVE-2011-0879)

  • Database Vault (CVE-2011-2238)

  • Oracle Universal Installer (CVE-2011-2240)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(55632);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2011-0811",
    "CVE-2011-0816",
    "CVE-2011-0822",
    "CVE-2011-0830",
    "CVE-2011-0831",
    "CVE-2011-0832",
    "CVE-2011-0835",
    "CVE-2011-0838",
    "CVE-2011-0848",
    "CVE-2011-0852",
    "CVE-2011-0870",
    "CVE-2011-0875",
    "CVE-2011-0876",
    "CVE-2011-0877",
    "CVE-2011-0879",
    "CVE-2011-0880",
    "CVE-2011-0881",
    "CVE-2011-0882",
    "CVE-2011-2230",
    "CVE-2011-2231",
    "CVE-2011-2232",
    "CVE-2011-2238",
    "CVE-2011-2239",
    "CVE-2011-2240",
    "CVE-2011-2242",
    "CVE-2011-2243",
    "CVE-2011-2244",
    "CVE-2011-2248",
    "CVE-2011-2253",
    "CVE-2011-2257"
  );
  script_bugtraq_id(
    48726,
    48727,
    48728,
    48729,
    48730,
    48731,
    48732,
    48733,
    48734,
    48735,
    48736,
    48737,
    48738,
    48739,
    48740,
    48741,
    48742,
    48743,
    48745,
    48746,
    48748,
    48749,
    48750,
    48751,
    48754,
    48760,
    48764,
    48794
  );

  script_name(english:"Oracle Database Multiple Vulnerabilities (July 2011 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle database server is missing the July 2011 Critical
Patch Update (CPU) and therefore is potentially affected by security
issues in the following components :

  - Core RDBMS (CVE-2011-0832, CVE-2011-0835, CVE-2011-0838,
    CVE-2011-0880, CVE-2011-2230, CVE-2011-2239,
    CVE-2011-2243, CVE-2011-2253)

  - Content Management (CVE-2011-0882)

  - Database Target Type Menus (CVE-2011-2257)

  - SQL Performance Advisories/UIs (CVE-2011-2248)

  - Schema Management (CVE-2011-0870)

  - Security Framework (CVE-2011-0848, CVE-2011-2244)

  - Security Management (CVE-2011-0852)

  - Streams, AQ & Replication Management (CVE-2011-0822)

  - XML Developer Kit (CVE-2011-2231, CVE-2011-2232)

  - CMDB Metadata & Instance APIs (CVE-2011-0816)

  - EMCTL (CVE-2011-0875, CVE-2011-0881)

  - Enterprise Config Management (CVE-2011-0811,
    CVE-2011-0831)

  - Enterprise Manager Console (CVE-2011-0876)

  - Event Management (CVE-2011-0830)

  - Instance Management (CVE-2011-0877, CVE-2011-0879)

  - Database Vault (CVE-2011-2238)

  - Oracle Universal Installer (CVE-2011-2240)");
  # https://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1fd9a198");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2011 Oracle Critical
Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/07/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/07/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/20");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

################################################################################
# JUL2011
patches = make_nested_array();

# RDBMS 11.1.0.7
patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.8", "CPU", "12419265, 12419384");
patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.41", "CPU", "12695277");
patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.41", "CPU", "12695278");
# RDBMS 11.2.0.2
patches["11.2.0.2"]["db"]["nix"] = make_array("patch_level", "11.2.0.2.3", "CPU", "12419321, 12419331");
patches["11.2.0.2"]["db"]["win32"] = make_array("patch_level", "11.2.0.2.8", "CPU", "12714462");
patches["11.2.0.2"]["db"]["win64"] = make_array("patch_level", "11.2.0.2.8", "CPU", "12714463");
# RDBMS 11.2.0.1
patches["11.2.0.1"]["db"]["nix"] = make_array("patch_level", "11.2.0.1.6", "CPU", "12419278, 12419378");
patches["11.2.0.1"]["db"]["win32"] = make_array("patch_level", "11.2.0.1.13", "CPU", "12429528");
patches["11.2.0.1"]["db"]["win64"] = make_array("patch_level", "11.2.0.1.13", "CPU", "12429529");
# RDBMS 10.1.0.5
patches["10.1.0.5"]["db"]["nix"] = make_array("patch_level", "10.1.0.5.22", "CPU", "12419228");
patches["10.1.0.5"]["db"]["win32"] = make_array("patch_level", "10.1.0.5.42", "CPU", "12429517");
# RDBMS 10.2.0.5
patches["10.2.0.5"]["db"]["nix"] = make_array("patch_level", "10.2.0.5.4", "CPU", "12419258, 12419392");
patches["10.2.0.5"]["db"]["win32"] = make_array("patch_level", "10.2.0.5.10", "CPU", "12429523");
patches["10.2.0.5"]["db"]["win64"] = make_array("patch_level", "10.2.0.5.10", "CPU", "12429524");
# RDBMS 10.2.0.4
patches["10.2.0.4"]["db"]["nix"] = make_array("patch_level", "10.2.0.4.9", "CPU", "12419249, 12419397");
patches["10.2.0.4"]["db"]["win32"] = make_array("patch_level", "10.2.0.4.45", "CPU", "12429519");
patches["10.2.0.4"]["db"]["win64"] = make_array("patch_level", "10.2.0.4.45", "CPU", "12429521");

check_oracle_database(patches:patches, high_risk:TRUE);
VendorProductVersionCPE
oracledatabase_servercpe:/a:oracle:database_server

References

Related

openvas 35
cve 30
prion 30
securityvulns 4
oracle 1
ubuntucve 2
ubuntu 1
nessus 4
suse 1
oraclelinux 2
fedora 8
gentoo 1
openvas
openvas
Oracle Database Server Multiple Unspecified Vulnerabilities-02 (Mar 2018)
2018-03-07 00:00:00
Oracle Database Server Multiple Unspecified Vulnerabilities-03 (Mar 2018)
2018-03-07 00:00:00
Oracle Database Server Multiple Unspecified Vulnerabilities-01 (Mar 2018)
2018-03-07 00:00:00
cve
cve
CVE-2011-0832
2011-07-20 22:55:00
CVE-2011-0835
2011-07-20 22:55:00
CVE-2011-0880
2011-07-20 22:55:00
prion
prion
Design/Logic Flaw
2011-07-20 22:55:00
Design/Logic Flaw
2011-07-20 22:55:00
Design/Logic Flaw
2011-07-20 22:55:00
securityvulns
securityvulns
Oracle / Sun / Peoplesoft applications multiple security vulnerabilities
2011-08-01 00:00:00
TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (sitemap page)
2011-08-01 00:00:00
TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (metricDetail$type page)
2011-08-01 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2011
2011-12-15 00:00:00
ubuntucve
ubuntucve
CVE-2011-0870
2011-06-17 00:00:00
CVE-2011-0822
2011-06-17 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2011-06-17 00:00:00
nessus
nessus
openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0706-1)
2014-06-13 00:00:00
openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0706-1)
2014-06-13 00:00:00
Ubuntu 10.04 LTS / 10.10 / 11.04 : openjdk-6, openjdk-6b18 vulnerabilities (USN-1154-1)
2011-06-20 00:00:00
suse
suse
java-1_6_0-openjdk (important)
2011-06-28 13:08:22
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-06-08 00:00:00
java-1.6.0-openjdk security update
2011-06-08 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15
2011-06-15 05:44:07
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14
2011-06-11 04:18:13
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-51.1.8.8.fc13
2011-06-15 05:33:46
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
JSON
Related for ORACLE_RDBMS_CPU_JUL_2011.NASL
openvas35cve30prion30securityvulns4oracle1ubuntucve2ubuntu1nessus4suse1oraclelinux2fedora8gentoo1