Oracle TNS Listener VSNNUM Version Remote Information Disclosure

Medium Nessus Plugin ID 110053

Synopsis

A database service listening on the remote host discloses version information remotely.

Description

The version number of the remote Oracle TNS (Transparent Network Substrate) listener could be extracted by sending an unauthenticated request to the TNS listener service operating on this port. This information could aid an attacker.

Note that the version of the TNS listener does not necessarily reflect the version of the Oracle database it provides access to.

Solution

Restrict access to the database to allowed IPs only.
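
One way to verify such a restriction is in place, as an added example that is not part of the plugin or its output: a check that a listener host's sqlnet.ora enables Oracle Net valid node checking (`TCP.VALIDNODE_CHECKING`, `TCP.INVITED_NODES`). It assumes that mechanism is the chosen control (a host or network firewall meets the same goal); the function names and both sample files are constructed for illustration.

```python
import re

# Constructed sample sqlnet.ora contents (not taken from any real host).
WEAK = """\
# no valid node checking configured
SQLNET.EXPIRE_TIME = 10
"""
HARDENED = """\
SQLNET.EXPIRE_TIME = 10
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (10.20.30.41, 10.20.30.42,
                     appsrv01.example.internal)
"""

def parse_sqlnet(text):
    """Return {UPPERCASE_NAME: value}; comments are dropped and indented
    continuation lines are folded into the previous parameter's value."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            current = name.strip().upper()
            params[current] = value.strip()
    return params

def audit_valid_node_checking(text):
    """Return a list of findings; an empty list means an allow-list is in force."""
    p = parse_sqlnet(text)
    findings = []
    # Only the documented value "yes" is treated as enabled (conservative).
    if p.get("TCP.VALIDNODE_CHECKING", "NO").upper() != "YES":
        findings.append("TCP.VALIDNODE_CHECKING is not enabled")
    nodes = [n for n in re.split(r"[,\s()]+", p.get("TCP.INVITED_NODES", "")) if n]
    if not nodes:
        findings.append("TCP.INVITED_NODES is empty or missing")
    for n in nodes:
        if n == "*" or n.endswith("/0"):
            findings.append(f"TCP.INVITED_NODES entry {n!r} admits every client")
    return findings

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_valid_node_checking(cfg) or "OK")
```

The listener reads these parameters at startup, so a corrected file takes effect only after the listener is restarted.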

Plugin Details

Severity: Medium

ID: 110053

File Name: oracle_tnslsnr_vsnnum_disclosure_pci.nasl

Version: 1.1

Type: remote

Family: Databases

Published: 2018/05/23

Updated: 2018/05/23

Dependencies: 22073

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:oracle:database_server

Required KB Items: Settings/ParanoidReport