Oracle TNS Poison vulnerability
Publish Date: 21 luglio 2015
Gravità: : Alto
Identificatori CVE: CVE-2012-1675
Data notifica: 21 luglio 2015
Descrizione
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1004997
Trend Micro Deep Security DPI Rule Name: 1004997 - Detected Too Many Oracle TNS Service Register Requests
Software e versione interessati:
- oracle database_10g 10.2.0.3
- oracle database_10g 10.2.0.4
- oracle database_10g 10.2.0.5
- oracle database_11g 11.1.0.7
- oracle database_11g 11.2.0.2
- oracle database_11g 11.2.0.3
- oracle database_server 10.2.0.3
- oracle database_server 10.2.0.4
- oracle database_server 10.2.0.5
- oracle database_server 11.1.0.7
- oracle database_server 11.2.0.2
- oracle database_server 11.2.0.3