How to fix CVE-2015-0204 on Oracle client 12.1.0.2

TrangPham Member Posts: 5 Blue Ribbon
edited May 26, 2019 9:41PM in Database Security - General

Our QualysGuard systems scanned some computers/servers and detected vulnerabilities (SSL/TLS Server Factoring RSA Export Keys). We investigated and know that it relates to Oracle (version 12.1.0.2) and CVE-2015-0204. Could you please support us in fixing this problem?

Answers

  • TrangPham
    TrangPham Member Posts: 5 Blue Ribbon
    edited May 24, 2019 2:01AM

    Can anyone help me?

  • Emad Al-Mousa
    Emad Al-Mousa Member Posts: 716 Bronze Trophy
    edited May 24, 2019 5:55AM

    Why don't you upgrade your OpenSSL and generate a new SSL certificate?

    Regards,

    Emad

  • TrangPham
    TrangPham Member Posts: 5 Blue Ribbon
    edited May 25, 2019 12:06AM

    Because I don't know which certificate is used by the Oracle client. Can you give me some methods to detect it?

  • Emad Al-Mousa
    Emad Al-Mousa Member Posts: 716 Bronze Trophy
    edited May 25, 2019 4:47PM

    Have you checked the sqlnet.ora file?

  • TrangPham
    TrangPham Member Posts: 5 Blue Ribbon
    edited May 26, 2019 9:41PM

    # sqlnet.ora Network Configuration File: C:\Oracle\product\12.1.0\client_1\\NETWORK\ADMIN\sqlnet.ora
    # Generated by Oracle configuration tools.

    #NAMES.DEFAULT_DOMAIN = LOCALDOM
    #NAMES.DIRECTORY_PATH= (TNSNAMES)

    # This file is actually generated by netca. But if customers choose to
    # install "Software Only", this file wont exist and without the native
    # authentication, they will not be able to connect to the database on NT.

    SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)
    SSL_VERSION = 0
    NAMES.DIRECTORY_PATH= (TNSNAMES, HOSTNAME)
    SSL_CLIENT_AUTHENTICATION = FALSE
    WALLET_LOCATION =
      (SOURCE =
        (METHOD = FILE)
        (METHOD_DATA =
          (DIRECTORY = C:\Oracle\product\12.1.0\client_1\\admin\null\wallet)
        )
      )
    SSL_CIPHER_SUITES= (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA)
    SQLNET.EXPIRE_TIME = 30
    ADR_BASE = C:\Oracle\product\12.1.0\client_1\log

    ----------------------------------------

    Here is my file.
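
One way to review the TLS settings in a sqlnet.ora like the one posted above, as an added example that is not part of any post in this thread and is not Oracle tooling: it extracts SSL_VERSION, the wallet directory and SSL_CIPHER_SUITES, and labels each suite by the weak algorithm named in it. The function names and labels are this example's own assumptions; because the scanner finding is about RSA export keys, suites with EXPORT in their name are listed separately.

```python
import re

# Sample input: the SSL-related lines of the sqlnet.ora posted above.
SAMPLE = r"""
# Generated by Oracle configuration tools.
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)
SSL_VERSION = 0
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\Oracle\product\12.1.0\client_1\\admin\null\wallet)
    )
  )
SSL_CIPHER_SUITES= (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA)
"""

# Substring -> label. The labels are this example's own, not Oracle's.
WEAK = [("EXPORT", "export-grade"), ("_anon_", "anonymous key exchange"),
        ("RC4", "RC4"), ("3DES", "3DES"), ("_MD5", "MD5 MAC"), ("NULL", "no encryption")]

def parse_sqlnet(text):
    """Return {PARAM: raw value}; a value continues on following indented lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        m = re.match(r"([A-Za-z_][\w.]*)\s*=\s*(.*)", line)
        if m and not line[0].isspace():
            name = m.group(1).upper()
            params[name] = m.group(2).strip()
        elif name:
            params[name] += " " + line.strip()  # continuation of a nested value
    return params

def audit(text):
    """Summarise the TLS-relevant settings and flag suites naming weak algorithms."""
    p = parse_sqlnet(text)
    suites = [s.strip() for s in p.get("SSL_CIPHER_SUITES", "").strip("()").split(",") if s.strip()]
    flagged = {s: [label for key, label in WEAK if key in s] for s in suites}
    wallet = re.search(r"DIRECTORY\s*=\s*([^)]+)\)", p.get("WALLET_LOCATION", ""))
    return {"ssl_version": p.get("SSL_VERSION"),
            "wallet_dir": wallet.group(1).strip() if wallet else None,
            "weak": {s: f for s, f in flagged.items() if f},
            "export_suites": [s for s in suites if "EXPORT" in s]}

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, "=", value)
```

The wallet_dir value is the directory the file's WALLET_LOCATION names, which is where to look for the certificate store asked about earlier in the thread.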