Ok, we previously had a problem with the alert68 showing up in our scans, even though we patched for it, and it turned out to be that we had plugin 1.8. We downloaded 1.9, which corrected the alert....now we have patched for the Oracle AprCPU2005, and ran the scans, and we are now receiving the following: According to its version number, the installation of Oracle on the remote host is reportedly subject to multiple unspecified vulnerabilities. Some vulnerabilities don't require authentication. It may allow an attacker to craft SQL queries such that they would be able to retrieve any file on the system and potentially retrieve and/or modify confidential data on the target's Oracle server.
Solution : <http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf> Risk Factor : High BID : 13145, 13144, 13139, 13238, 13236, 13235, 13234, 13239 We have already applied this patch....do we need another download? We supposedly fixed the firewall problem that was preventing the plugins from being downloaded. Lisa Jones Sr. Database Management Specialist Certified Oracle Professional DBA Oracle Master Spalding Consulting 240-725-5091 _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
