Search...

Oracle Database Server Unspecified Vulnerability -08 Jan16

2016-01-25T00:00:00

ID OPENVAS:1361412562310807048
Type openvas
Reporter Copyright (C) 2016 Greenbone Networks GmbH
Modified 2018-10-26T00:00:00

Description

This host is running Oracle Database Server and is prone to unspecified vulnerability.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_oracle_db_unspecified_vuln08_jan16.nasl 12110 2018-10-26 06:58:59Z cfischer $
#
# Oracle Database Server Unspecified Vulnerability -08 Jan16
#
# Authors:
# Rinu Kuriakose &lt;krinu@secpod.com&gt;
#
# Copyright:
# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:oracle:database_server";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.807048");
  script_version("$Revision: 12110 $");
  script_cve_id("CVE-2015-0468");
  script_bugtraq_id(75853);
  script_tag(name:"cvss_base", value:"6.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"$Date: 2018-10-26 08:58:59 +0200 (Fri, 26 Oct 2018) $");
  script_tag(name:"creation_date", value:"2016-01-25 14:59:25 +0530 (Mon, 25 Jan 2016)");
  script_name("Oracle Database Server Unspecified Vulnerability -08 Jan16");

  script_tag(name:"summary", value:"This host is running  Oracle Database Server
  and is prone to unspecified vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The flaw is due to an unspecified
  error in the Core RDBMS component.");

  script_tag(name:"impact", value:"Successfully exploitation will allow remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors.");

  script_tag(name:"affected", value:"Oracle Database Server versions
  11.1.0.7, 11.2.0.3, and 12.1.0.1");

  script_tag(name:"solution", value:"Updates are available. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_xref(name:"URL", value:"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html");
  script_copyright("Copyright (C) 2016 Greenbone Networks GmbH");
  script_category(ACT_GATHER_INFO);
  script_family("Databases");
  script_dependencies("oracle_tnslsnr_version.nasl");
  script_mandatory_keys("OracleDatabaseServer/installed");
  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!dbPort = get_app_port(cpe:CPE)){
  exit(0);
}

if(!dbVer = get_app_version(cpe:CPE, port:dbPort)){
  exit(0);
}

if(dbVer =~ "^(11|12)")
{
  if(version_is_equal(version:dbVer, test_version:"12.1.0.1") ||
     version_is_equal(version:dbVer, test_version:"11.2.0.3") ||
     version_is_equal(version:dbVer, test_version:"11.1.0.7"))
  {
    report = report_fixed_ver(installed_version:dbVer, fixed_version:"Apply the appropriate patch");
    security_message(data:report, port:dbPort);
    exit(0);
  }
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310807048", "bulletinFamily": "scanner", "title": "Oracle Database Server Unspecified Vulnerability -08 Jan16", "description": "This host is running Oracle Database Server\n and is prone to unspecified vulnerability.", "published": "2016-01-25T00:00:00", "modified": "2018-10-26T00:00:00", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807048", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"], "cvelist": ["CVE-2015-0468"], "type": "openvas", "lastseen": "2019-05-29T18:35:36", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-0468"], "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is running Oracle Database Server\n and is prone to unspecified vulnerability.", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d9956b4f0aa65f4a515f57bbbccfde9c8cf750f37fc03655941ed49a050504ef", "hashmap": [{"hash": "e4e1405d336291e7041a81e5dd0cab0a", "key": "description"}, {"hash": "93e5c233e772e6cdcec7e25ea69bd05f", "key": "sourceData"}, {"hash": "a545e718c5a504ca26fe4ecd00d2e536", "key": "pluginID"}, {"hash": "450f38e644f633aad5f600cf16b84dd1", "key": "title"}, {"hash": "d56345ea57a1f167f6f849cfeb25e26b", "key": "published"}, {"hash": "c2e02b5198e39a7764a95e8123bfca51", "key": "references"}, {"hash": "801260da95531a926653af262fb7c32c", "key": "href"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "35d4c45b0fd9ef0ff57841ff7642c032", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "c25939939952c380cb658154d6a4245e", "key": "modified"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "61a37396f8fc8545e5dc3fd73288ce16", "key": "cvss"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807048", "id": "OPENVAS:1361412562310807048", "lastseen": "2017-07-02T21:13:08", "modified": "2017-03-15T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310807048", "published": "2016-01-25T00:00:00", "references": ["http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_db_unspecified_vuln08_jan16.nasl 5580 2017-03-15 10:00:34Z teissa $\n#\n# Oracle Database Server Unspecified Vulnerability -08 Jan16\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:oracle:database_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807048\");\n script_version(\"$Revision: 5580 $\");\n script_cve_id(\"CVE-2015-0468\");\n script_bugtraq_id(75853);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-15 11:00:34 +0100 (Wed, 15 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-25 14:59:25 +0530 (Mon, 25 Jan 2016)\");\n script_name(\"Oracle Database Server Unspecified Vulnerability -08 Jan16\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle Database Server\n and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an unspecified\n error in the Core RDBMS component.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploitation will allow remote\n attackers to affect confidentiality, integrity, and availability via unknown\n vectors.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Oracle Database Server versions\n 11.1.0.7, 11.2.0.3, and 12.1.0.1\");\n\n script_tag(name:\"solution\", value:\"Apply patches from below link,\n http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"oracle_tnslsnr_version.nasl\");\n script_mandatory_keys(\"OracleDatabaseServer/installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variable Initialization\ndbPort = \"\";\ndbVer = \"\";\n\n## Get port\nif(!dbport = get_app_port(cpe:CPE)){\n exit(0);\n}\n\n## Get the version\nif(!dbVer = get_app_version(cpe:CPE, port:dbPort)){\n exit(0);\n}\n\n## Check for vulnerable version\nif(dbVer =~ \"^(11|12)\")\n{\n if(version_is_equal(version:dbVer, test_version:\"12.1.0.1\") ||\n version_is_equal(version:dbVer, test_version:\"11.2.0.3\") ||\n version_is_equal(version:dbVer, test_version:\"11.1.0.7\"))\n {\n report = report_fixed_ver(installed_version:dbVer, fixed_version:\"Apply the appropriate patch\");\n security_message(data:report, port:dbPort);\n exit(0);\n }\n}\n", "title": "Oracle Database Server Unspecified Vulnerability -08 Jan16", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2017-07-02T21:13:08"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-0468"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This host is running Oracle Database Server\n and is prone to unspecified vulnerability.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "ebd835d369113650697081ecf651d93543cb9508cabafff27fff127244562f27", "hashmap": [{"hash": "e4e1405d336291e7041a81e5dd0cab0a", "key": "description"}, {"hash": "93e5c233e772e6cdcec7e25ea69bd05f", "key": "sourceData"}, {"hash": "a545e718c5a504ca26fe4ecd00d2e536", "key": "pluginID"}, {"hash": "450f38e644f633aad5f600cf16b84dd1", "key": "title"}, {"hash": "d56345ea57a1f167f6f849cfeb25e26b", "key": "published"}, {"hash": "c2e02b5198e39a7764a95e8123bfca51", "key": "references"}, {"hash": "801260da95531a926653af262fb7c32c", "key": "href"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "35d4c45b0fd9ef0ff57841ff7642c032", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "c25939939952c380cb658154d6a4245e", "key": "modified"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807048", "id": "OPENVAS:1361412562310807048", "lastseen": "2018-08-30T19:21:22", "modified": "2017-03-15T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310807048", "published": "2016-01-25T00:00:00", "references": ["http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_db_unspecified_vuln08_jan16.nasl 5580 2017-03-15 10:00:34Z teissa $\n#\n# Oracle Database Server Unspecified Vulnerability -08 Jan16\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:oracle:database_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807048\");\n script_version(\"$Revision: 5580 $\");\n script_cve_id(\"CVE-2015-0468\");\n script_bugtraq_id(75853);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-15 11:00:34 +0100 (Wed, 15 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-25 14:59:25 +0530 (Mon, 25 Jan 2016)\");\n script_name(\"Oracle Database Server Unspecified Vulnerability -08 Jan16\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle Database Server\n and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an unspecified\n error in the Core RDBMS component.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploitation will allow remote\n attackers to affect confidentiality, integrity, and availability via unknown\n vectors.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Oracle Database Server versions\n 11.1.0.7, 11.2.0.3, and 12.1.0.1\");\n\n script_tag(name:\"solution\", value:\"Apply patches from below link,\n http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"oracle_tnslsnr_version.nasl\");\n script_mandatory_keys(\"OracleDatabaseServer/installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variable Initialization\ndbPort = \"\";\ndbVer = \"\";\n\n## Get port\nif(!dbport = get_app_port(cpe:CPE)){\n exit(0);\n}\n\n## Get the version\nif(!dbVer = get_app_version(cpe:CPE, port:dbPort)){\n exit(0);\n}\n\n## Check for vulnerable version\nif(dbVer =~ \"^(11|12)\")\n{\n if(version_is_equal(version:dbVer, test_version:\"12.1.0.1\") ||\n version_is_equal(version:dbVer, test_version:\"11.2.0.3\") ||\n version_is_equal(version:dbVer, test_version:\"11.1.0.7\"))\n {\n report = report_fixed_ver(installed_version:dbVer, fixed_version:\"Apply the appropriate patch\");\n security_message(data:report, port:dbPort);\n exit(0);\n }\n}\n", "title": "Oracle Database Server Unspecified Vulnerability -08 Jan16", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:21:22"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-0468"], "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is running Oracle Database Server\n and is prone to unspecified vulnerability.", "edition": 5, "enchantments": {"dependencies": {"modified": "2018-10-26T14:40:04", "references": [{"idList": ["ORACLE:CPUJUL2015-2367936"], "type": "oracle"}, {"idList": ["SUSE-SU-2015:1353-1"], "type": "suse"}, {"idList": ["ORACLE_RDBMS_CPU_JUL_2015.NASL"], "type": "nessus"}, {"idList": ["CVE-2015-0468"], "type": "cve"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "83918ecb23ad961a4305ca31b8b365f4d59d6a8d6842703f8fbebcba605f4c1f", "hashmap": [{"hash": "e4e1405d336291e7041a81e5dd0cab0a", "key": "description"}, {"hash": "0c9eebc8f50df03b72feb7f65889d51b", "key": "sourceData"}, {"hash": "a545e718c5a504ca26fe4ecd00d2e536", "key": "pluginID"}, {"hash": "450f38e644f633aad5f600cf16b84dd1", "key": "title"}, {"hash": "d56345ea57a1f167f6f849cfeb25e26b", "key": "published"}, {"hash": "c2e02b5198e39a7764a95e8123bfca51", "key": "references"}, {"hash": "801260da95531a926653af262fb7c32c", "key": "href"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "35d4c45b0fd9ef0ff57841ff7642c032", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "9b693da47adba5957bc32ade1e81b10f", "key": "modified"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "61a37396f8fc8545e5dc3fd73288ce16", "key": "cvss"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807048", "id": "OPENVAS:1361412562310807048", "lastseen": "2018-10-26T14:40:04", "modified": "2018-10-26T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310807048", "published": "2016-01-25T00:00:00", "references": ["http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_db_unspecified_vuln08_jan16.nasl 12110 2018-10-26 06:58:59Z cfischer $\n#\n# Oracle Database Server Unspecified Vulnerability -08 Jan16\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:database_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807048\");\n script_version(\"$Revision: 12110 $\");\n script_cve_id(\"CVE-2015-0468\");\n script_bugtraq_id(75853);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:58:59 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-25 14:59:25 +0530 (Mon, 25 Jan 2016)\");\n script_name(\"Oracle Database Server Unspecified Vulnerability -08 Jan16\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle Database Server\n and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an unspecified\n error in the Core RDBMS component.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploitation will allow remote\n attackers to affect confidentiality, integrity, and availability via unknown\n vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle Database Server versions\n 11.1.0.7, 11.2.0.3, and 12.1.0.1\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"oracle_tnslsnr_version.nasl\");\n script_mandatory_keys(\"OracleDatabaseServer/installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!dbPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dbVer = get_app_version(cpe:CPE, port:dbPort)){\n exit(0);\n}\n\nif(dbVer =~ \"^(11|12)\")\n{\n if(version_is_equal(version:dbVer, test_version:\"12.1.0.1\") ||\n version_is_equal(version:dbVer, test_version:\"11.2.0.3\") ||\n version_is_equal(version:dbVer, test_version:\"11.1.0.7\"))\n {\n report = report_fixed_ver(installed_version:dbVer, fixed_version:\"Apply the appropriate patch\");\n security_message(data:report, port:dbPort);\n exit(0);\n }\n}\n", "title": "Oracle Database Server Unspecified Vulnerability -08 Jan16", "type": "openvas", "viewCount": 1}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-10-26T14:40:04"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-0468"], "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is running Oracle Database Server\n and is prone to unspecified vulnerability.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "19d4da985cedb7b79e7f3db07f2471547ab19305881955f2a29107b2cab08cbc", "hashmap": [{"hash": "ea3eb160c09af47c14b4d0c46c439f16", "key": "sourceData"}, {"hash": "e4e1405d336291e7041a81e5dd0cab0a", "key": "description"}, {"hash": "a545e718c5a504ca26fe4ecd00d2e536", "key": "pluginID"}, {"hash": "450f38e644f633aad5f600cf16b84dd1", "key": "title"}, {"hash": "d56345ea57a1f167f6f849cfeb25e26b", "key": "published"}, {"hash": "c2e02b5198e39a7764a95e8123bfca51", "key": "references"}, {"hash": "801260da95531a926653af262fb7c32c", "key": "href"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "4dc36fa3026174639775aa077a4d2055", "key": "modified"}, {"hash": "35d4c45b0fd9ef0ff57841ff7642c032", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "61a37396f8fc8545e5dc3fd73288ce16", "key": "cvss"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807048", "id": "OPENVAS:1361412562310807048", "lastseen": "2018-09-27T16:21:20", "modified": "2018-09-27T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310807048", "published": "2016-01-25T00:00:00", "references": ["http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_db_unspecified_vuln08_jan16.nasl 11640 2018-09-27 07:15:20Z asteins $\n#\n# Oracle Database Server Unspecified Vulnerability -08 Jan16\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:oracle:database_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807048\");\n script_version(\"$Revision: 11640 $\");\n script_cve_id(\"CVE-2015-0468\");\n script_bugtraq_id(75853);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-27 09:15:20 +0200 (Thu, 27 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-25 14:59:25 +0530 (Mon, 25 Jan 2016)\");\n script_name(\"Oracle Database Server Unspecified Vulnerability -08 Jan16\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle Database Server\n and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an unspecified\n error in the Core RDBMS component.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploitation will allow remote\n attackers to affect confidentiality, integrity, and availability via unknown\n vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle Database Server versions\n 11.1.0.7, 11.2.0.3, and 12.1.0.1\");\n\n script_tag(name:\"solution\", value:\"Apply patches from below link,\n http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"oracle_tnslsnr_version.nasl\");\n script_mandatory_keys(\"OracleDatabaseServer/installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!dbPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dbVer = get_app_version(cpe:CPE, port:dbPort)){\n exit(0);\n}\n\nif(dbVer =~ \"^(11|12)\")\n{\n if(version_is_equal(version:dbVer, test_version:\"12.1.0.1\") ||\n version_is_equal(version:dbVer, test_version:\"11.2.0.3\") ||\n version_is_equal(version:dbVer, test_version:\"11.1.0.7\"))\n {\n report = report_fixed_ver(installed_version:dbVer, fixed_version:\"Apply the appropriate patch\");\n security_message(data:report, port:dbPort);\n exit(0);\n }\n}\n", "title": "Oracle Database Server Unspecified Vulnerability -08 Jan16", "type": "openvas", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-27T16:21:20"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-0468"], "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is running Oracle Database Server\n and is prone to unspecified vulnerability.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d9956b4f0aa65f4a515f57bbbccfde9c8cf750f37fc03655941ed49a050504ef", "hashmap": [{"hash": "e4e1405d336291e7041a81e5dd0cab0a", "key": "description"}, {"hash": "93e5c233e772e6cdcec7e25ea69bd05f", "key": "sourceData"}, {"hash": "a545e718c5a504ca26fe4ecd00d2e536", "key": "pluginID"}, {"hash": "450f38e644f633aad5f600cf16b84dd1", "key": "title"}, {"hash": "d56345ea57a1f167f6f849cfeb25e26b", "key": "published"}, {"hash": "c2e02b5198e39a7764a95e8123bfca51", "key": "references"}, {"hash": "801260da95531a926653af262fb7c32c", "key": "href"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "35d4c45b0fd9ef0ff57841ff7642c032", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "c25939939952c380cb658154d6a4245e", "key": "modified"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "61a37396f8fc8545e5dc3fd73288ce16", "key": "cvss"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807048", "id": "OPENVAS:1361412562310807048", "lastseen": "2018-09-01T23:47:53", "modified": "2017-03-15T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310807048", "published": "2016-01-25T00:00:00", "references": ["http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_db_unspecified_vuln08_jan16.nasl 5580 2017-03-15 10:00:34Z teissa $\n#\n# Oracle Database Server Unspecified Vulnerability -08 Jan16\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:oracle:database_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807048\");\n script_version(\"$Revision: 5580 $\");\n script_cve_id(\"CVE-2015-0468\");\n script_bugtraq_id(75853);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-15 11:00:34 +0100 (Wed, 15 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-25 14:59:25 +0530 (Mon, 25 Jan 2016)\");\n script_name(\"Oracle Database Server Unspecified Vulnerability -08 Jan16\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle Database Server\n and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an unspecified\n error in the Core RDBMS component.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploitation will allow remote\n attackers to affect confidentiality, integrity, and availability via unknown\n vectors.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Oracle Database Server versions\n 11.1.0.7, 11.2.0.3, and 12.1.0.1\");\n\n script_tag(name:\"solution\", value:\"Apply patches from below link,\n http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"oracle_tnslsnr_version.nasl\");\n script_mandatory_keys(\"OracleDatabaseServer/installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variable Initialization\ndbPort = \"\";\ndbVer = \"\";\n\n## Get port\nif(!dbport = get_app_port(cpe:CPE)){\n exit(0);\n}\n\n## Get the version\nif(!dbVer = get_app_version(cpe:CPE, port:dbPort)){\n exit(0);\n}\n\n## Check for vulnerable version\nif(dbVer =~ \"^(11|12)\")\n{\n if(version_is_equal(version:dbVer, test_version:\"12.1.0.1\") ||\n version_is_equal(version:dbVer, test_version:\"11.2.0.3\") ||\n version_is_equal(version:dbVer, test_version:\"11.1.0.7\"))\n {\n report = report_fixed_ver(installed_version:dbVer, fixed_version:\"Apply the appropriate patch\");\n security_message(data:report, port:dbPort);\n exit(0);\n }\n}\n", "title": "Oracle Database Server Unspecified Vulnerability -08 Jan16", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-09-01T23:47:53"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "35d4c45b0fd9ef0ff57841ff7642c032"}, {"key": "cvss", "hash": "d21ac811d9123f8b274b461d7e2281ad"}, {"key": "description", "hash": "e4e1405d336291e7041a81e5dd0cab0a"}, {"key": "href", "hash": "801260da95531a926653af262fb7c32c"}, {"key": "modified", "hash": "9b693da47adba5957bc32ade1e81b10f"}, {"key": "naslFamily", "hash": "ea2ef9b0d095bf991f4973633b485340"}, {"key": "pluginID", "hash": "a545e718c5a504ca26fe4ecd00d2e536"}, {"key": "published", "hash": "d56345ea57a1f167f6f849cfeb25e26b"}, {"key": "references", "hash": "c2e02b5198e39a7764a95e8123bfca51"}, {"key": "reporter", "hash": "ea106ff9c2727a6e906e8959871e7c06"}, {"key": "sourceData", "hash": "0c9eebc8f50df03b72feb7f65889d51b"}, {"key": "title", "hash": "450f38e644f633aad5f600cf16b84dd1"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "b24c8876b72e2fd7421b6b0376942edeac63540d66f1a57c41d7b31f113d2e14", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-0468"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1353-1"]}, {"type": "nessus", "idList": ["ORACLE_RDBMS_CPU_JUL_2015.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2015-2367936"]}], "modified": "2019-05-29T18:35:36"}, "score": {"value": 5.7, "vector": "NONE", "modified": "2019-05-29T18:35:36"}, "vulnersScore": 5.7}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_db_unspecified_vuln08_jan16.nasl 12110 2018-10-26 06:58:59Z cfischer $\n#\n# Oracle Database Server Unspecified Vulnerability -08 Jan16\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:database_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807048\");\n script_version(\"$Revision: 12110 $\");\n script_cve_id(\"CVE-2015-0468\");\n script_bugtraq_id(75853);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:58:59 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-25 14:59:25 +0530 (Mon, 25 Jan 2016)\");\n script_name(\"Oracle Database Server Unspecified Vulnerability -08 Jan16\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle Database Server\n and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an unspecified\n error in the Core RDBMS component.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploitation will allow remote\n attackers to affect confidentiality, integrity, and availability via unknown\n vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle Database Server versions\n 11.1.0.7, 11.2.0.3, and 12.1.0.1\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"oracle_tnslsnr_version.nasl\");\n script_mandatory_keys(\"OracleDatabaseServer/installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!dbPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dbVer = get_app_version(cpe:CPE, port:dbPort)){\n exit(0);\n}\n\nif(dbVer =~ \"^(11|12)\")\n{\n if(version_is_equal(version:dbVer, test_version:\"12.1.0.1\") ||\n version_is_equal(version:dbVer, test_version:\"11.2.0.3\") ||\n version_is_equal(version:dbVer, test_version:\"11.1.0.7\"))\n {\n report = report_fixed_ver(installed_version:dbVer, fixed_version:\"Apply the appropriate patch\");\n security_message(data:report, port:dbPort);\n exit(0);\n }\n}\n", "naslFamily": "Databases", "pluginID": "1361412562310807048", "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:14:39", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.", "modified": "2017-09-22T01:29:00", "id": "CVE-2015-0468", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0468", "published": "2015-07-16T10:59:00", "title": "CVE-2015-0468", "type": "cve", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:45:32", "bulletinFamily": "unix", "description": "oracle-update was updated to fix eight security issues.\n\n These security issues were fixed:\n - CVE-2015-2629: Vulnerability in the Java VM component of Oracle Database\n Server. This vulnerability requires Create Session privileges for a\n successful attack. Easily exploitable vulnerability allows successful\n authenticated network attacks via multiple protocols. Successful attack\n of this vulnerability can result in unauthorized Operating System\n takeover including arbitrary code execution (bsc#938160).\n - CVE-2015-2599: Vulnerability in the RDBMS Scheduler component of Oracle\n Database Server. This vulnerability requires Alter Session privileges\n for a successful attack. Successful attack of this vulnerability can\n result in unauthorized read access to all RDBMS Scheduler accessible\n data (bsc#938160).\n - CVE-2015-4735: Vulnerability in the Enterprise Manager for Oracle\n Database component of Oracle Enterprise Manager Grid Control\n (subcomponent: RAC Management). Easily exploitable vulnerability allows\n successful unauthenticated network attacks via HTTP. Successful attack\n of this vulnerability can result in unauthorized read access to a subset\n of Enterprise Manager for Oracle Database accessible data (bsc#938160).\n - CVE-2015-4740: Vulnerability in the RDBMS Partitioning component of\n Oracle Database Server. This vulnerability requires Create Session,\n Create Any Index, Index object privilege on a Table privileges for a\n successful attack. Difficult to exploit vulnerability allows successful\n authenticated network attacks via Oracle Net. Successful attack of this\n vulnerability can result in unauthorized takeover of RDBMS Partitioning\n possibly including arbitrary code execution within the RDBMS\n Partitioning (bsc#938160).\n - CVE-2015-4753: Vulnerability in the RDBMS Support Tools component of\n Oracle Database Server. Easily exploitable vulnerability requiring logon\n to Operating System. Successful attack of this vulnerability can result\n in unauthorized read access to all RDBMS Support Tools accessible data\n (bsc#938160).\n - CVE-2015-0468: Vulnerability in the Core RDBMS component of Oracle\n Database Server. This vulnerability requires Analyze Any or Create\n Materialized View privileges for a successful attack. Difficult to\n exploit vulnerability allows successful authenticated network attacks\n via Oracle Net. Successful attack of this vulnerability can result in\n unauthorized takeover of Core RDBMS possibly including arbitrary code\n execution within the Core RDBMS (bsc#938160).\n - CVE-2015-2647: Vulnerability in the Enterprise Manager for Oracle\n Database component of Oracle Enterprise Manager Grid Control\n (subcomponent: Content Management). Easily exploitable vulnerability\n allows successful authenticated network attacks via HTTP. Successful\n attack of this vulnerability can result in unauthorized update, insert\n or delete access to all Enterprise Manager for Oracle Database\n accessible data as well as read access to all Enterprise Manager for\n Oracle Database accessible data (bsc#938160).\n - CVE-2015-2646: Vulnerability in the Enterprise Manager for Oracle\n Database component of Oracle Enterprise Manager Grid Control\n (subcomponent: Content Management). Difficult to exploit vulnerability\n allows successful unauthenticated network attacks via HTTP. Successful\n attack of this vulnerability can result in unauthorized update, insert\n or delete access to some Enterprise Manager for Oracle Database\n accessible data (bsc#938160).\n\n For more details please see\n <a rel=\"nofollow\" href=\"http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947\">http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947</a>\n .html\n\n", "modified": "2015-08-06T14:33:02", "published": "2015-08-06T14:33:02", "id": "SUSE-SU-2015:1353-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html", "type": "suse", "title": "Security update for oracle-update (important)", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-11-23T12:04:14", "bulletinFamily": "scanner", "description": "The remote Oracle database server is missing the July 2015 Critical\nPatch Update (CPU). It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - Application Express (CVE-2015-2655, CVE-2015-2585,\n CVE-2015-2586)\n - Core RDBMS (CVE-2015-0468)\n - Java VM (CVE-2015-2629)\n - Oracle OLAP (CVE-2015-2595)\n - RDBMS Partitioning (CVE-2015-4740)\n - RDBMS Scheduler (CVE-2015-2599)\n - RDBMS Security (CVE-2015-4755)\n - RDBMS Support Tools (CVE-2015-4753)", "modified": "2019-11-02T00:00:00", "id": "ORACLE_RDBMS_CPU_JUL_2015.NASL", "href": "https://www.tenable.com/plugins/nessus/84822", "published": "2015-07-17T00:00:00", "title": "Oracle Database Multiple Vulnerabilities (July 2015 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (!defined_func(\"nasl_level\") || nasl_level() < 5000) exit(0, \"Nessus older than 5.x\");\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84822);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-0468\",\n \"CVE-2015-2585\",\n \"CVE-2015-2586\",\n \"CVE-2015-2595\",\n \"CVE-2015-2599\",\n \"CVE-2015-2629\",\n \"CVE-2015-2655\",\n \"CVE-2015-4740\",\n \"CVE-2015-4753\",\n \"CVE-2015-4755\"\n );\n script_bugtraq_id(\n 75838,\n 75839,\n 75845,\n 75851,\n 75852,\n 75853,\n 75864,\n 75865,\n 75879,\n 75882\n );\n\n script_name(english:\"Oracle Database Multiple Vulnerabilities (July 2015 CPU)\");\n script_summary(english:\"Checks the installed patch info.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle database server is missing the July 2015 Critical\nPatch Update (CPU). It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - Application Express (CVE-2015-2655, CVE-2015-2585,\n CVE-2015-2586)\n - Core RDBMS (CVE-2015-0468)\n - Java VM (CVE-2015-2629)\n - Oracle OLAP (CVE-2015-2595)\n - RDBMS Partitioning (CVE-2015-4740)\n - RDBMS Scheduler (CVE-2015-2599)\n - RDBMS Security (CVE-2015-4755)\n - RDBMS Support Tools (CVE-2015-4753)\");\n # http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d18c2a85\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2015 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"misc_func.inc\");\n\n################################################################################\n# July 2015\npatches = make_nested_array();\n\n# RDBMS 12.1.0.2\npatches[\"12.1.0.2\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.2.4\", \"CPU\", \"20831110\");\npatches[\"12.1.0.2\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.2.7\", \"CPU\", \"21126814\");\n# RDBMS 12.1.0.1\npatches[\"12.1.0.1\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.1.8\", \"CPU\", \"20831107\");\npatches[\"12.1.0.1\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.1.20\", \"CPU\", \"21076681\");\n# RDBMS 11.2.0.4\npatches[\"11.2.0.4\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.4.7\", \"CPU\", \"20803583, 20760982\");\npatches[\"11.2.0.4\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.4.19\", \"CPU\", \"21691487\");\n# RDBMS 11.2.0.3\npatches[\"11.2.0.3\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.3.15\", \"CPU\", \"20803576, 20760997\");\npatches[\"11.2.0.3\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"11.2.0.3.39\", \"CPU\", \"21104035\");\npatches[\"11.2.0.3\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"11.2.0.3.39\", \"CPU\", \"21104036\");\n# RDBMS 11.1.0.7\npatches[\"11.1.0.7\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.1.0.7.24\", \"CPU\", \"20803573, 20761024\");\npatches[\"11.1.0.7\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"11.1.0.7.61\", \"CPU\", \"21104029\");\npatches[\"11.1.0.7\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"11.1.0.7.61\", \"CPU\", \"21104030\");\n\n# JVM 12.1.0.2\npatches[\"12.1.0.2\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.2.4\", \"CPU\", \"21068507\");\npatches[\"12.1.0.2\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.2.3\", \"CPU\", \"21153530\");\n# JVM 12.1.0.1\npatches[\"12.1.0.1\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.1.4\", \"CPU\", \"21068523\");\npatches[\"12.1.0.1\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.1.4\", \"CPU\", \"21153513\");\n# JVM 11.2.0.4\npatches[\"11.2.0.4\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.4.4\", \"CPU\", \"21068539\");\npatches[\"11.2.0.4\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.4.4\", \"CPU\", \"21153498\");\n# JVM 11.2.0.3\npatches[\"11.2.0.3\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.3.4\", \"CPU\", \"21068553\");\npatches[\"11.2.0.3\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.3.4\", \"CPU\", \"21153470\");\n# JVM 11.1.0.7\npatches[\"11.1.0.7\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"11.1.0.7.4\", \"CPU\", \"21068565\");\npatches[\"11.1.0.7\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"11.1.0.7.4\", \"CPU\", \"21153423\");\n\ncheck_oracle_database(patches:patches, high_risk:TRUE);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2019-05-29T18:20:56", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 193 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\n** Please note that on May 15, 2015, Oracle released [Security Alert for CVE-2015-3456 (QEMU \"Venom\")](<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-3456. **\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2016-07-07T00:00:00", "published": "2015-07-14T00:00:00", "id": "ORACLE:CPUJUL2015-2367936", "href": "", "title": "Oracle Critical Patch Update - July 2015", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}