How to fix Oracle failure Nessus security scan
Oracle version = Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - 64bit
OS version = Linux version 2.6.18-274.12.1.el5 (mockbuild@x86-001.build.bos.redhat.com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-51)) #1 SMP Tue Nov 8 21:37:35 EST 2011
Our test server failed the Nessus security scan. The text of the message is:
"
High Severity Vulnerability net8-cman (1830/tcp) SSL Anonymous Cipher Suites Supported
Synopsis : The remote service supports the use of anonymous SSL ciphers.
Description : The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.
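Added example, not part of the original post: a small Python check that picks the anonymous (unauthenticated) suites out of a cipher listing, which is the condition the Nessus finding above reports. The sample rows, suite lists and function names are constructed for illustration; the rows follow the `openssl ciphers -v` column layout, where anonymous suites show `Au=None`.

```python
import re

# Constructed sample in `openssl ciphers -v` layout (not real scan output).
SAMPLE_OPENSSL_ROWS = """\
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
"""

# Constructed sample of RFC-style suite names as they appear in configuration.
SAMPLE_SUITE_NAMES = [
    "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
]

# RFC-style names carry "_anon_" after the key exchange; OpenSSL-style names
# start with ADH- (anonymous DH) or AECDH- (anonymous ECDH).
_ANON_NAME = re.compile(r"^(?:TLS|SSL)_(?:EC)?DH_anon_|^A(?:EC)?DH-")


def is_anonymous(name):
    """True if the suite name denotes a key exchange with no server certificate."""
    return bool(_ANON_NAME.match(name.strip()))


def anonymous_from_openssl_rows(text):
    """Return cipher names whose authentication column is Au=None."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        attrs = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
        if attrs.get("Au") == "None" or is_anonymous(fields[0]):
            hits.append(fields[0])
    return hits


def split_suites(names):
    """Split a configured suite list into (anonymous, authenticated)."""
    anon = [n for n in names if is_anonymous(n)]
    auth = [n for n in names if not is_anonymous(n)]
    return anon, auth
```

An empty first list from `split_suites` means the configured suites all require a server certificate, which is what the scanner expects to see on a re-scan.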