Oracle Security Alert #68

Nessus Network Monitor Plugin ID 2277 (severity: High)

Synopsis

The remote host appears to be running a vulnerable version of Oracle Database Server.

Description

The remote host appears to be running a vulnerable version of Oracle Database Server. Oracle Database Server versions 8.1.7, 9.0.1.4, 9.0.1.5, 9.0.4, 9.2.0.4, 9.2.0.5 and 10.1.0.2 are reported to be prone to multiple vulnerabilities, including buffer overflow issues, PL/SQL injection, trigger abuse, character set conversion bugs and denial of service issues. An attacker may exploit these vulnerabilities to deny service to legitimate users or to execute arbitrary code on the remote server.

Solution

Download and install the relevant patch from Oracle.

See Also

http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

Plugin Details

Severity: High

ID: 2277

Family: Database

Published: 9/13/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: High

Score: 7.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:oracle10g

Exploitable With

Core Impact

Reference Information

CVE: CVE-2004-0637, CVE-2004-0638, CVE-2004-1362, CVE-2004-1363, CVE-2004-1364, CVE-2004-1365, CVE-2004-1366, CVE-2004-1368, CVE-2004-1369, CVE-2004-1370, CVE-2004-1371

BID: 11120, 11100, 11091, 10871, 11099