Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_RDBMS_CPU_JUL_2015.NASL
HistoryJul 17, 2015 - 12:00 a.m.

Oracle Database Multiple Vulnerabilities (July 2015 CPU)

2015-07-1700:00:00
This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
120
JSON

The remote Oracle database server is missing the July 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components :

  • Application Express (CVE-2015-2655, CVE-2015-2585, CVE-2015-2586)
  • Core RDBMS (CVE-2015-0468)
  • Java VM (CVE-2015-2629)
  • Oracle OLAP (CVE-2015-2595)
  • RDBMS Partitioning (CVE-2015-4740)
  • RDBMS Scheduler (CVE-2015-2599)
  • RDBMS Security (CVE-2015-4755)
  • RDBMS Support Tools (CVE-2015-4753)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(84822);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2015-0468",
    "CVE-2015-2585",
    "CVE-2015-2586",
    "CVE-2015-2595",
    "CVE-2015-2599",
    "CVE-2015-2629",
    "CVE-2015-2655",
    "CVE-2015-4740",
    "CVE-2015-4753",
    "CVE-2015-4755"
  );
  script_bugtraq_id(
    75838,
    75839,
    75845,
    75851,
    75852,
    75853,
    75864,
    75865,
    75879,
    75882
  );

  script_name(english:"Oracle Database Multiple Vulnerabilities (July 2015 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle database server is missing the July 2015 Critical
Patch Update (CPU). It is, therefore, affected by multiple
vulnerabilities in the following components :

  - Application Express (CVE-2015-2655, CVE-2015-2585,
    CVE-2015-2586)
  - Core RDBMS (CVE-2015-0468)
  - Java VM (CVE-2015-2629)
  - Oracle OLAP (CVE-2015-2595)
  - RDBMS Partitioning (CVE-2015-4740)
  - RDBMS Scheduler (CVE-2015-2599)
  - RDBMS Security (CVE-2015-4755)
  - RDBMS Support Tools (CVE-2015-4753)");
  # http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d18c2a85");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2015 Oracle
Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/17");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

################################################################################
# July 2015
patches = make_nested_array();

# RDBMS 12.1.0.2
patches["12.1.0.2"]["db"]["nix"] = make_array("patch_level", "12.1.0.2.4", "CPU", "20831110");
patches["12.1.0.2"]["db"]["win"] = make_array("patch_level", "12.1.0.2.7", "CPU", "21126814");
# RDBMS 12.1.0.1
patches["12.1.0.1"]["db"]["nix"] = make_array("patch_level", "12.1.0.1.8", "CPU", "20831107");
patches["12.1.0.1"]["db"]["win"] = make_array("patch_level", "12.1.0.1.20", "CPU", "21076681");
# RDBMS 11.2.0.4
patches["11.2.0.4"]["db"]["nix"] = make_array("patch_level", "11.2.0.4.7", "CPU", "20803583, 20760982");
patches["11.2.0.4"]["db"]["win"] = make_array("patch_level", "11.2.0.4.19", "CPU", "21691487");
# RDBMS 11.2.0.3
patches["11.2.0.3"]["db"]["nix"] = make_array("patch_level", "11.2.0.3.15", "CPU", "20803576, 20760997");
patches["11.2.0.3"]["db"]["win32"] = make_array("patch_level", "11.2.0.3.39", "CPU", "21104035");
patches["11.2.0.3"]["db"]["win64"] = make_array("patch_level", "11.2.0.3.39", "CPU", "21104036");
# RDBMS 11.1.0.7
patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.24", "CPU", "20803573, 20761024");
patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.61", "CPU", "21104029");
patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.61", "CPU", "21104030");

# JVM 12.1.0.2
patches["12.1.0.2"]["ojvm"]["nix"] = make_array("patch_level", "12.1.0.2.4", "CPU", "21068507");
patches["12.1.0.2"]["ojvm"]["win"] = make_array("patch_level", "12.1.0.2.3", "CPU", "21153530");
# JVM 12.1.0.1
patches["12.1.0.1"]["ojvm"]["nix"] = make_array("patch_level", "12.1.0.1.4", "CPU", "21068523");
patches["12.1.0.1"]["ojvm"]["win"] = make_array("patch_level", "12.1.0.1.4", "CPU", "21153513");
# JVM 11.2.0.4
patches["11.2.0.4"]["ojvm"]["nix"] = make_array("patch_level", "11.2.0.4.4", "CPU", "21068539");
patches["11.2.0.4"]["ojvm"]["win"] = make_array("patch_level", "11.2.0.4.4", "CPU", "21153498");
# JVM 11.2.0.3
patches["11.2.0.3"]["ojvm"]["nix"] = make_array("patch_level", "11.2.0.3.4", "CPU", "21068553");
patches["11.2.0.3"]["ojvm"]["win"] = make_array("patch_level", "11.2.0.3.4", "CPU", "21153470");
# JVM 11.1.0.7
patches["11.1.0.7"]["ojvm"]["nix"] = make_array("patch_level", "11.1.0.7.4", "CPU", "21068565");
patches["11.1.0.7"]["ojvm"]["win"] = make_array("patch_level", "11.1.0.7.4", "CPU", "21153423");

check_oracle_database(patches:patches, high_risk:TRUE);
VendorProductVersionCPE
oracledatabase_servercpe:/a:oracle:database_server

Related

suse 1
kaspersky 1
prion 11
cve 11
zdt 1
securityvulns 2
packetstorm 1
openvas 8
oracle 1
suse
suse
Security update for oracle-update (important)
2015-08-06 14:33:02
kaspersky
kaspersky
KLA10639 Multiple vulnerabilities in Oracle products
2015-07-17 00:00:00
prion
prion
Design/Logic Flaw
2015-07-16 11:00:00
Design/Logic Flaw
2015-07-16 11:00:00
Design/Logic Flaw
2015-07-16 11:00:00
cve
cve
CVE-2015-4753
2015-07-16 11:00:00
CVE-2015-4740
2015-07-16 11:00:00
CVE-2015-4755
2015-07-16 11:00:00
zdt
zdt
Oracle Application Express Cross Site Scripting Vulnerability
2015-07-18 00:00:00
securityvulns
securityvulns
SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express
2015-07-27 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-07-20 00:00:00
packetstorm
packetstorm
Oracle Application Express Cross Site Scripting
2015-07-17 00:00:00
openvas
openvas
Oracle Database Server Unspecified Vulnerability -06 (Jan 2016)
2016-01-25 00:00:00
Oracle Database Server Unspecified Vulnerability -05 (Jan 2016)
2016-01-25 00:00:00
Oracle Database Server Unspecified Vulnerability -04 (Jan 2016)
2016-01-25 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
JSON
Related for ORACLE_RDBMS_CPU_JUL_2015.NASL
suse1kaspersky1prion11cve11zdt1securityvulns2packetstorm1openvas8oracle1