Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2016 Greenbone AGOPENVAS:1361412562310807034
HistoryJan 22, 2016 - 12:00 a.m.

Oracle Database Server Multiple Unspecified Vulnerabilities -01 (Jan 2016)

2016-01-2200:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
126

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

6 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

84.0%

JSON

Oracle Database Server is prone to multiple unspecified vulnerabilities.

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:oracle:database_server";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.807034");
  script_version("2024-02-20T05:05:48+0000");
  script_cve_id("CVE-2016-0472", "CVE-2016-0467", "CVE-2016-0461", "CVE-2016-0499",
                "CVE-2015-4923", "CVE-2015-4921", "CVE-2015-4900", "CVE-2015-4888",
                "CVE-2015-4873", "CVE-2015-4863", "CVE-2015-4796", "CVE-2015-4794",
                "CVE-2016-0690", "CVE-2016-0681", "CVE-2016-0691", "CVE-2016-3454",
                "CVE-2016-3609", "CVE-2016-3506", "CVE-2016-3489", "CVE-2016-3484");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-09-01 01:29:00 +0000 (Fri, 01 Sep 2017)");
  script_tag(name:"creation_date", value:"2016-01-22 13:02:26 +0530 (Fri, 22 Jan 2016)");
  script_name("Oracle Database Server Multiple Unspecified Vulnerabilities -01 (Jan 2016)");

  script_tag(name:"summary", value:"Oracle Database Server is prone to multiple unspecified vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws are due to multiple
  unspecified vulnerabilities.");

  script_tag(name:"impact", value:"Successfully exploitation will allow remote
  authenticated attackers to affect confidentiality, integrity, and availability
  via unknown vectors.");

  script_tag(name:"affected", value:"Oracle Database Server versions
  11.2.0.4, 12.1.0.1, and 12.1.0.2");

  script_tag(name:"solution", value:"Apply the patchesfrom the referenced advisory.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_xref(name:"URL", value:"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/77177");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/77197");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/77183");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/77175");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/77193");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/77189");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/91890");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/91867");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/91874");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/91842");
  script_xref(name:"URL", value:"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html");
  script_xref(name:"URL", value:"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html");
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_category(ACT_GATHER_INFO);
  script_family("Databases");
  script_dependencies("oracle_tnslsnr_version.nasl");
  script_mandatory_keys("OracleDatabaseServer/installed");
  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!dbPort = get_app_port(cpe:CPE)){
  exit(0);
}

if(!dbVer = get_app_version(cpe:CPE, port:dbPort)){
  exit(0);
}

if(dbVer =~ "^(12\.1|11\.2)")
{
  if(version_is_equal(version:dbVer, test_version:"11.2.0.4") ||
     version_is_equal(version:dbVer, test_version:"12.1.0.1") ||
     version_is_equal(version:dbVer, test_version:"12.1.0.2"))
  {
    report = report_fixed_ver(installed_version:dbVer, fixed_version:"Apply the appropriate patch");
    security_message(data:report, port:dbPort);
    exit(0);
  }
}

exit(99);

Related

nessus 4
prion 20
cve 20
f5 2
cvelist 20
nvd 20
ibm 6
atlassian 3
veracode 1
securityvulns 1
oracle 9
nessus
nessus
Oracle Database Multiple Vulnerabilities (October 2015 CPU)
2015-10-23 00:00:00
Oracle Database Multiple Vulnerabilities (January 2016 CPU)
2016-01-25 00:00:00
Oracle Database Multiple Vulnerabilities (April 2016 CPU)
2016-04-27 00:00:00
prion
prion
Design/Logic Flaw
2015-10-21 21:59:00
Design/Logic Flaw
2015-10-21 23:59:00
Design/Logic Flaw
2016-01-21 03:00:00
cve
cve
CVE-2015-4796
2015-10-21 21:59:13
CVE-2015-4888
2015-10-21 23:59:50
CVE-2016-0499
2016-01-21 03:00:47
f5
f5
SOL11100332 - Multiple Oracle Database Server vulnerabilities
2016-09-15 00:00:00
K11100332 : Multiple Oracle Database Server vulnerabilities
2016-09-15 00:00:00
cvelist
cvelist
CVE-2015-4888
2015-10-21 23:00:00
CVE-2015-4796
2015-10-21 21:00:00
CVE-2016-0499
2016-01-21 02:00:00
nvd
nvd
CVE-2015-4796
2015-10-21 21:59:13
CVE-2015-4888
2015-10-21 23:59:50
CVE-2016-0499
2016-01-21 03:00:47
ibm
ibm
Security Bulletin: Potential vulnerabilities in IBM OpenPages GRC Platform with Database
2018-06-15 22:44:11
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2016-3506)
2020-05-27 08:25:50
Security Bulletin: Due to use of Oracle JDBC component, ITNM is vulnerable to an unspecified vulnerability (CVE-2016-3506)
2023-01-04 16:41:22
atlassian
atlassian
Oracle Security Patched DB Driver Not Working
2016-10-05 14:12:31
Oracle Security Patched DB Driver Not Working
2016-10-05 14:12:31
Oracle Security Patched DB Driver Not Working
2016-10-05 14:12:31
veracode
veracode
Remote Code Execution (RCE)
2020-08-20 03:04:18
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-11-02 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00
Oracle Critical Patch Update Advisory - April 2016
2016-04-19 00:00:00
Oracle Critical Patch Update - January 2016
2016-01-19 00:00:00

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

6 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

84.0%

JSON
Related for OPENVAS:1361412562310807034
nessus4prion20cve20f52cvelist20nvd20ibm6atlassian3veracode1securityvulns1oracle9