On Jun 9, 2005, at 1:25 PM, Jones, Lisa (N-Spalding Consulting) wrote:
Ok, we previously had a problem with the alert68 showing up in our
scans, even though we patched for it, and it turned out to be that
we had plugin 1.8. We downloaded 1.9, which corrected the
alert....now we have patched for the Oracle AprCPU2005, and ran the
scans, and we are now receiving the following:
According to its version number, the installation of Oracle on the
remote
host is reportedly subject to multiple unspecified vulnerabilities.
Some vulnerabilities don't require authentication. It may allow an
attacker
to craft SQL queries such that they would be able to retrieve any
file on
the system and potentially retrieve and/or modify confidential data
on the
target's Oracle server.
Solution : <http://www.oracle.com/technology/deploy/security/pdf/
cpuapr2005.pdf>
Risk Factor : High
BID : 13145, 13144, 13139, 13238, 13236, 13235, 13234, 13239
We have already applied this patch....do we need another download?
We supposedly fixed the firewall problem that was preventing the
plugins from being downloaded.
Could you give us your Oracle version with this patch applied ? It
should be in the Nessus report.
Thanks,
Nicolas
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
