ID CVE-2016-3479
Summary Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.
References
Vulnerable Configurations
  • Oracle Database 11.2.0.4
    cpe:2.3:a:oracle:database:11.2.0.4
  • Oracle Database 12.1.0.2
    cpe:2.3:a:oracle:database:12.1.0.2
CVSS
Base: 7.8 (as of 12-08-2016 - 11:28)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
nessus via4
NASL family Databases
NASL id ORACLE_RDBMS_CPU_JUL_2016.NASL
description The remote Oracle Database Server is missing the July 2016 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities:
  • A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists in the RDBMS HTTPS Listener package due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)
  • An unspecified vulnerability exists in the Application Express component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3448)
  • An unspecified vulnerability exists in the Application Express component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3467)
  • An unspecified vulnerability exists in the Portable Clusterware component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3479)
  • An unspecified vulnerability exists in the Database Vault component that allows a local attacker to impact confidentiality and integrity. (CVE-2016-3484)
  • An unspecified vulnerability exists in the DB Sharding component that allows a local attacker to impact integrity. (CVE-2016-3488)
  • An unspecified vulnerability exists in the Data Pump Import component that allows a local attacker to gain elevated privileges. (CVE-2016-3489)
  • An unspecified vulnerability exists in the JDBC component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3506)
  • An unspecified vulnerability exists in the OJVM component that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2016-3609)
last seen 2019-02-21
modified 2018-07-25
plugin id 92522
published 2016-07-22
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=92522
title Oracle Database Multiple Vulnerabilities (July 2016 CPU) (FREAK)
refmap via4
bid
  • 91787
  • 91898
confirm http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
sectrack 1036363
Last major update 28-11-2016 - 15:09
Published 21-07-2016 - 06:12
Last modified 31-08-2017 - 21:29