Summary
This host is installed with Oracle Database Server and is prone to multiple unspecified vulnerabilities.
Impact
Successful exploitation will allow attackers to disclose sensitive information, manipulate certain data, and compromise a vulnerable system.
Impact Level: System/Application
Solution
Apply patches from below link,
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
*****
NOTE: Ignore this warning if above mentioned patch is installed.
*****
Insight
Multiple flaws exist in Core RDBMS component, no further information available at this moment.
Affected
Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1
Detection
Get the installed version with the help of tnslsnr service and check it is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-2406, CVE-2014-2408 -
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- IBM DB2 UDB Multiple Unspecified Vulnerabilities (Windows)
- IBM SolidDB 'solid.exe' Handshake Remote Code Execution Vulnerability
- IBM DB2 SQL/PSM Stored Procedure Debugging Buffer Overflow Vulnerability (Linux)
- IBM DB2 Administration Server (DAS) Buffer Overflow Vulnerability
- Oracle MySQL Server Multiple Vulnerabilities-01 Nov12 (Windows)