Oracle TNS Listener VSNNUM Version Remote Information Disclosure

medium Nessus Plugin ID 110053

Synopsis

A database service listening on the remote host discloses version information remotely.

Description

It was possible to extract the version number of the remote Oracle TNS (Transparent Network Substrate) listener by sending an unauthenticated request to the TNS listener service operating on this port. This information could aid an attacker.

Note that the version of the TNS listener does not necessarily reflect the version of the Oracle database it provides access to.

Solution

Restrict access to the database to allowed IPs only.
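One way to verify this restriction on the database server is sketched below. It is an added example, not part of the plugin or of Oracle's tooling, and it assumes the allow-list is enforced with Oracle Net valid node checking (`TCP.VALIDNODE_CHECKING` and `TCP.INVITED_NODES` in `sqlnet.ora`) rather than with a network firewall. The function names, sample file contents and host names are constructed for illustration.

```python
# Constructed sample sqlnet.ora contents (not taken from any real system).
WEAK = """\
# default install: no node filtering
SQLNET.AUTHENTICATION_SERVICES = (NONE)
"""

HARDENED = """\
# only the app tier and the DBA jump host may reach the listener
tcp.validnode_checking = yes
TCP.INVITED_NODES = (10.20.30.11, 10.20.30.12,
    dba-jump.example.internal)
"""

def parse_sqlnet(text):
    """Return {UPPERCASE_PARAM: value} from sqlnet.ora-style text."""
    logical = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        # An indented line continues the previous parameter's value.
        if raw[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    params = {}
    for entry in logical:
        name, sep, value = entry.partition("=")
        if sep:
            params[name.strip().upper()] = value.strip()  # names are case-insensitive
    return params

def audit_valid_nodes(text):
    """Return (ok, invited_nodes, findings) for the listener allow-list."""
    params = parse_sqlnet(text)
    findings = []
    # Valid node checking is off unless explicitly set to YES.
    checking = params.get("TCP.VALIDNODE_CHECKING", "NO").strip("() ").upper()
    if checking != "YES":
        findings.append("TCP.VALIDNODE_CHECKING is not YES")
    invited = params.get("TCP.INVITED_NODES", "").strip("() ")
    nodes = [n.strip() for n in invited.split(",") if n.strip()]
    if not nodes:
        findings.append("TCP.INVITED_NODES is empty or missing")
    return (not findings, nodes, findings)

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_valid_nodes(sample))
```

Run it against the contents of the server's own `sqlnet.ora` and review the returned node list against the hosts that actually need listener access.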

Plugin Details

Severity: Medium

ID: 110053

File Name: oracle_tnslsnr_vsnnum_disclosure_pci.nasl

Version: 1.2

Type: remote

Family: Databases

Published: 5/23/2018

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:oracle:database_server

Required KB Items: Settings/ParanoidReport