Home » Security » Oracle Zero Day Vulnerability Still Not Patched

oracledatabase-150x150

Oracle Zero Day Vulnerability Still Not Patched after April’s patch release with had 88 patches.  The vulnerability allows an attacker to perform a man in the middle attack and capture information exchanged between clients and databases.  The vulnerability was reported in 2008 and has believed to been around since 1999 when the TNS Listener feature was added to Oracles product line.  Oracle has workarounds for the zero-day flaw which was found in there database server products.  Oracle has gone as far to release a security alert:

Oracle Security Alert for CVE-2012-1675

http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html

The vulnerability is in the TNS listener which has been recently disclosed as “TNS Listener Poison Attack” affecting the Oracle Database Server.  The products affected are Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3, Oracle Database 11g Release 1, version 11.1.0.7, Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5, Fusion Middleware, Enterprise Manager and E-Business Suite.  Oracle has released work arounds which can be found at My Oracle Support Note 1340831.1 and My Oracle Support Note 1453883.1.

Comments

comments

Latest

What Should You Expect from a Prototyping Company?
Wonderful and useless features of mobile phones
cloud computing Top 4 Cloud Computing Trends to Look Out For
How to Pick the Best Cloud Hosting Service for Multiple WordPress Websites
Key Steps On How To Improve The Security Of Your Business Website

Follow Us

Visit Us On TwitterVisit Us On FacebookVisit Us On GooglePlusVisit Us On PinterestVisit Us On YoutubeCheck Our Feed

Join Premium

Enjoy All The Benefits Of Premium

  • Access To Premium Content Only Available To Members
  • Digital Copy Of My Book The Pangram Killer
  • Coupons for quality sites affiliated with us
  • Access To All Short Stories
  • Free Plug On Podcast
  • Get first notice and exclusive access to events and meetups
$19.99

Subscribe To The Technology Geek

Sponsors

Sponsors

Archives