| VID |
25103 |
| Severity |
40 |
| Port |
1521, ... |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The remote Oracle database server is missing the April 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :
- Oracle Warehouse Builder (CVE-2011-0792, CVE-2011-0799)
- Oracle Security Service (CVE-2009-3555)
- Application Service Level Management (CVE-2011-0787)
- Network Foundation (CVE-2011-0806)
- Oracle Help (CVE-2011-0785)
- UIX (CVE-2011-0805)
- Database Vault (CVE-2011-0793, CVE-2011-0804)
* Note: This check solely relied on the version number of the remote Oracle Database server to assess this vulnerability, so this might be a false positive.
* References:
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
* Platforms Affected:
Oracle Database 11g Release 2, versions 11.2.0.1, 11.2.0.2
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Database 10g Release 1, version 10.1.0.5
Microsoft Windows Any version
Linux Any version
Unix Any version |
| Recommendation |
Oracle has released a Critical Patch Update to address these issues. Information regarding obtaining and applying an appropriate patch can be found in the Oracle Critical Patch Update Advisory dated April 2011 at http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html |
| Related URL |
CVE-2009-3555,CVE-2011-0785,CVE-2011-0787,CVE-2011-0792,CVE-2011-0793,CVE-2011-0799,CVE-2011-0804,CVE-2011-0805,CVE-2011-0806 (CVE) |
| Related URL |
47429,47430,47431,47432,,47436,47441,47451 (SecurityFocus) |
| Related URL |
(ISS) |
|
