Oracle Database Express Edition (XE)

XE database identified for Oracle TNS Listener Remote Poisoning vulnerability

Balaji Desai, Apr 16 2014 — edited May 9 2014

We have Oracle XE 11.2.0.2 installed on Windows 2003 Server. The TNS listener was identified to have the "Oracle TNS Listener Remote Poisoning" (CVE-2012-1675) security vulnerability issue.

We tried workarounds suggested by Oracle, but none are working.

1. Set Dynamic Registration of instance off - It does not work since we are using Oracle Apex.

2. Set SECURE_REGISTER parameter to restrict registration to IPC protocol. However, we observe that the database does not get registered with the listener after enabling this parameter.

3. We cannot set SECURE_LISTENER parameter to restrict registration to TCP protocol since it requires a patch to be applied to the database. We cannot apply patches to Oracle XE.

So, how can we address this issue of the CVE-2012-1675 security vulnerability?

Thanks and Regards,

Balaji Desai
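A check for workarounds 1 and 2 above, as an added example that is not part of the original post and not Oracle code: it reads a `listener.ora` and reports, per listener, whether `DYNAMIC_REGISTRATION_<listener>` or `SECURE_REGISTER_<listener>` (the full Oracle Net parameter names) is in effect, and flags a registration restriction that names a transport the listener has no endpoint for. The sample file, its host name and the verdict strings are constructed for illustration.

```python
import re

# Constructed sample modelled on a small listener.ora; the host name is a placeholder.
SAMPLE = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = xe-host.example)(PORT = 1521))
    )
  )
SECURE_REGISTER_LISTENER = (IPC)
"""

def parse_top_level(text):
    """Map each top-level parameter name (upper-cased) to its raw value."""
    entries, name = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        m = re.match(r"^([A-Za-z_][\w.]*)\s*=\s*(.*)$", line)
        if m:                                      # unindented NAME = ... starts an entry
            name = m.group(1).upper()
            entries[name] = m.group(2)
        elif name:                                 # indented continuation line
            entries[name] += " " + line.strip()
    return entries

def audit(text):
    """Return {listener_name: verdict} for every entry that defines endpoints."""
    entries = parse_top_level(text)
    result = {}
    for name, value in entries.items():
        if "ADDRESS" not in value.upper() or name.startswith("SID_LIST_"):
            continue
        endpoints = {p.upper() for p in re.findall(r"PROTOCOL\s*=\s*(\w+)", value, re.I)}
        dyn_off = entries.get("DYNAMIC_REGISTRATION_" + name, "").strip().upper() == "OFF"
        allowed = {p.upper() for p in re.findall(r"\w+", entries.get("SECURE_REGISTER_" + name, ""))}
        if dyn_off:
            result[name] = "ok: dynamic registration disabled"
        elif not allowed:
            result[name] = "exposed: any transport may register"
        elif not (allowed & endpoints):
            result[name] = "broken: no endpoint for " + ",".join(sorted(allowed))
        else:
            result[name] = "ok: registration limited to " + ",".join(sorted(allowed))
    return result
```

A listener that passes this check still needs the instance's `LOCAL_LISTENER` to point at the allowed endpoint, which this file-only check cannot see.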

Locked on Jun 6 2014
Added on Apr 16 2014