Описание
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."
Ссылки
- Mailing ListThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryUS Government Resource
- Third Party Advisory
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- VDB Entry
- Mailing ListThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryUS Government Resource
- Third Party Advisory
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- VDB Entry
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS2
Дефекты
Связанные уязвимости
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."
EPSS
7.5 High
CVSS2