Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_RDBMS_CPU_OCT_2013.NASL
HistoryOct 16, 2013 - 12:00 a.m.

Oracle Database Multiple Vulnerabilities (October 2013 CPU) (BEAST)

2013-10-1600:00:00
This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
36
JSON

The remote Oracle database server is missing the October 2013 Critical Patch Update (CPU). It is, therefore, affected by multiple security vulnerabilities in the following components :

  • Core RDBMS
  • Oracle Security service
  • XML Parser
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(70460);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2011-3389",
    "CVE-2013-0169",
    "CVE-2013-3826",
    "CVE-2013-5771"
  );
  script_bugtraq_id(
    49778,
    57778,
    63044,
    63046
  );
  script_xref(name:"CERT", value:"864643");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"Oracle Database Multiple Vulnerabilities (October 2013 CPU) (BEAST)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle database server is missing the October 2013 Critical
Patch Update (CPU). It is, therefore, affected by multiple security
vulnerabilities in the following components :

  - Core RDBMS
  - Oracle Security service
  - XML Parser");
  # http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ac29c174");
  script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/tls-cbc.txt");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2013 Oracle
Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/16");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

################################################################################
# OCT2013
patches = make_nested_array();

# RDBMS 11.1.0.7
patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.17", "CPU", "17082374, 17082366");
patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.54", "CPU", "17363759");
patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.54", "CPU", "17363760");
# RDBMS 12.1.0.1
patches["12.1.0.1"]["db"]["nix"] = make_array("patch_level", "12.1.0.1.1", "CPU", "17027533");
patches["12.1.0.1"]["db"]["win32"] = make_array("patch_level", "12.1.0.1.1", "CPU", "17363795");
patches["12.1.0.1"]["db"]["win64"] = make_array("patch_level", "12.1.0.1.1", "CPU", "17363796");
# RDBMS 11.2.0.2
patches["11.2.0.2"]["db"]["nix"] = make_array("patch_level", "11.2.0.2.12", "CPU", "17082375, 17082367");
patches["11.2.0.2"]["db"]["win32"] = make_array("patch_level", "11.2.0.2.27", "CPU", "17363837");
patches["11.2.0.2"]["db"]["win64"] = make_array("patch_level", "11.2.0.2.27", "CPU", "17363838");
# RDBMS 11.2.0.3
patches["11.2.0.3"]["db"]["nix"] = make_array("patch_level", "11.2.0.3.8", "CPU", "17082364, 16902043");
patches["11.2.0.3"]["db"]["win32"] = make_array("patch_level", "11.2.0.3.25", "CPU", "17363844");
patches["11.2.0.3"]["db"]["win64"] = make_array("patch_level", "11.2.0.3.25", "CPU", "17363850");

check_oracle_database(patches:patches);
VendorProductVersionCPE
oracledatabase_servercpe:/a:oracle:database_server

Related

openvas 56
securityvulns 8
ics 2
prion 5
cve 5
ptsecurity 1
nessus 33
ibm 30
fedora 17
veracode 4
mskb 1
debiancve 4
checkpoint_security 1
cert 1
checkpoint_advisories 2
seebug 2
f5 5
slackware 1
openssl 1
hackerone 1
ubuntucve 4
debian 3
freebsd 2
rubygems 1
suse 1
osv 4
altlinux 2
centos 1
rapid7blog 1
openvas
openvas
Oracle Database Server Multiple Information Disclosure Vulnerabilities
2013-10-28 00:00:00
Fedora Update for thunderbird FEDORA-2011-17399
2012-01-23 00:00:00
Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
2012-01-11 00:00:00
securityvulns
securityvulns
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2014-04-07 00:00:00
EMC RSA BSAFE multiple security vulnerabilities
2013-07-15 00:00:00
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2013-07-15 00:00:00
ics
ics
Siemens SIMATIC RF6XXR
2019-07-11 12:00:00
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
2018-09-06 12:00:00
prion
prion
Design/Logic Flaw
2013-10-16 15:55:00
Design/Logic Flaw
2013-10-16 15:55:00
Session fixation
2011-09-06 19:55:00
cve
cve
CVE-2013-5771
2013-10-16 15:55:00
CVE-2013-3826
2013-10-16 15:55:00
CVE-2011-3389
2011-09-06 19:55:00
ptsecurity
ptsecurity
PT-2013-21: XML External Entities Injection in Oracle Database
2013-02-26 00:00:00
nessus
nessus
IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure
2014-08-11 00:00:00
Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure
2014-07-14 00:00:00
F5 Networks BIG-IP : TLS/DTLS 'Lucky 13' vulnerability (K14190)
2014-10-10 00:00:00
ibm
ibm
Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Express for the Oracle CPU April 2013.
2022-09-25 21:06:56
Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-0169)
2018-06-17 04:47:31
Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)
2018-06-17 04:48:04
fedora
fedora
[SECURITY] Fedora 16 Update: nss-softokn-3.13.1-14.fc16
2011-12-23 03:31:27
[SECURITY] Fedora 16 Update: xulrunner-9.0-2.fc16
2011-12-23 03:31:27
[SECURITY] Fedora 16 Update: thunderbird-9.0-4.fc16
2011-12-23 03:31:27
veracode
veracode
Man-in-the-Middle (MitM)
2019-05-02 04:55:58
Timing Attacks
2017-02-10 05:59:15
Timing Side- Channel Attack
2019-01-15 08:52:54
mskb
mskb
MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012
2012-01-10 00:00:00
debiancve
debiancve
CVE-2011-3389
2011-09-06 19:55:00
CVE-2013-0169
2013-02-08 19:55:00
CVE-2013-1620
2013-02-08 19:55:00
checkpoint_security
checkpoint_security
Check Point response to CVE-2011-3389 aka BEAST attack
2012-10-15 22:00:00
cert
cert
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2011-09-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Web Servers SSL Flooding Denial of Service (CVE-2011-3389)
2011-11-06 00:00:00
Preemptive Protection against SSL and TLS Protocols Information Disclosure (MS12-006; CVE-2011-3389)
2012-01-10 00:00:00
seebug
seebug
Microsoft Windows SSL/TLS信息泄露漏洞
2011-09-29 00:00:00
Apple XCode 4.x 信息泄露漏洞
2012-07-27 00:00:00
f5
f5
K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2015-04-30 00:00:00
SOL14190 - TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2013-02-08 00:00:00
K15637 : GnuTLS vulnerability CVE-2013-2116
2014-10-16 00:00:00
slackware
slackware
openssl
2013-02-11 23:49:59
openssl
openssl
Vulnerability in OpenSSL CVE-2013-0169
2013-02-04 00:00:00
hackerone
hackerone
Legal Robot: LUCKY13 (CVE-2013-0169) effects legalrobot.com
2017-07-30 20:00:47
ubuntucve
ubuntucve
CVE-2013-0169
2013-02-08 00:00:00
CVE-2011-3389
2011-11-16 00:00:00
CVE-2013-1624
2013-02-08 00:00:00
debian
debian
[SECURITY] [DSA 2398-2] curl regression
2012-03-31 19:38:57
[SECURITY] [DSA 2398-1] curl security update
2012-01-30 19:49:07
[SECURITY] [DSA 2368-1] lighttpd security update
2011-12-21 00:24:51
freebsd
freebsd
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
2012-01-19 00:00:00
FreeBSD -- OpenSSL multiple vulnerabilities
2013-04-02 00:00:00
rubygems
rubygems
CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
2011-08-31 00:00:00
suse
suse
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 18:04:30
osv
osv
CVE-2016-2107
2016-05-05 01:59:00
Improper Input Validation in Bouncy Castle
2022-05-14 02:14:04
lighttpd - several
2011-12-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0k-alt1
2013-02-27 00:00:00
centos
centos
java security update
2013-02-20 20:11:32
rapid7blog
rapid7blog
New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”
2021-09-01 13:11:33
JSON
Related for ORACLE_RDBMS_CPU_OCT_2013.NASL
openvas56securityvulns8ics2prion5cve5ptsecurity1nessus33ibm30fedora17veracode4mskb1debiancve4checkpoint_security1cert1checkpoint_advisories2seebug2f55slackware1openssl1hackerone1ubuntucve4debian3freebsd2rubygems1suse1osv4altlinux2centos1rapid7blog1