Oracle Database Server Multiple Unspecified Vulnerabilities-02 Jan2014 Network Vulnerability

Summary

This host is installed with Oracle Database Server and is prone to multiple information disclosure vulnerabilities.

Impact

Successful exploitation will allow attackers to cause denial of service condition or obtain sensitive information. Impact Level: Application

Solution

Apply patches from below link, http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html ***** NOTE: Ignore this warning if above mentioned patch is installed. *****

Insight

Multiple flaws exist in Core RDBMS and Spatial component, no further information available at this moment.

Affected

Oracle Database Server version 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 are affected

Detection

Get the installed version with the help of tnslsnr service and check it is vulnerable or not.

References

http://osvdb.org/102080
http://osvdb.org/102081
http://osvdb.org/102082
http://secunia.com/advisories/56452
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5858, CVE-2014-0377, CVE-2014-0378

CVSS	Base Score: 4.1 AV:L/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability
Oracle Database Server Multiple Unspecified Vulnerabilities-02 Jan2014
IBM DB2 db2pd Denial Of Service Vulnerability (Win)
IBM DB2 Self Tuning Memory Manager (STMM) DOS Vulnerability (Linux)
Oracle MySQL Multiple Unspecified vulnerabilities - 03 May14 (Windows)

Take action and discover your vulnerabilities