Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE network
low complexity
oracle
nessus
Published: 2013-10-16
Updated: 2017-09-19
Summary
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. Per http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html "Network encryption (native network encryption and SSL/TLS) and strong authentication services (Kerberos, PKI, and RADIUS) are no longer part of Oracle Advanced Security and are available in all licensed editions of all supported releases of the Oracle database. To remediate this security vulnerability, customers should configure network encryption in their clients and servers to protect sensitive data sent over untrusted networks. Refer to http://docs.oracle.com/cd/E11882_01/license.112/e47877/options.htm#CIHFDJDG - "Oracle Advanced Security section" of "Oracle Database Licensing Information 11g Release 2 (11.2)" for details of this licensing change."
Vulnerable Configurations
| Part | Description | Count |
| Application | Oracle | 4 |
Nessus
| NASL family | Databases |
| NASL id | ORACLE_RDBMS_CPU_OCT_2013.NASL |
| description | The remote Oracle database server is missing the October 2013 Critical Patch Update (CPU). It is, therefore, affected by multiple security vulnerabilities in the following components : - Core RDBMS - Oracle Security service - XML Parser |
| last seen | 2020-06-02 |
| modified | 2013-10-16 |
| plugin id | 70460 |
| published | 2013-10-16 |
| reporter | This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/70460 |
| title | Oracle Database Multiple Vulnerabilities (October 2013 CPU) (BEAST) |
Oval
| accepted | 2014-02-10T04:00:09.224-05:00 |
| class | vulnerability |
| contributors | | name | Maria Kedovskaya | | organization | ALTX-SOFT |
| name | Maria Kedovskaya | | organization | ALTX-SOFT |
|
| definition_extensions | | comment | Oracle Database Server is installed | | oval | oval:org.mitre.oval:def:17171 |
|
| description | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. |
| family | windows |
| id | oval:org.mitre.oval:def:18671 |
| status | accepted |
| submitted | 2013-10-24T16:31:26.748+04:00 |
| title | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 |
| version | 22 |