Forum Stats

  • 3,741,291 Users
  • 2,248,405 Discussions
  • 7,861,727 Comments

Discussions

"tns poison" vulnerability. Oracle XE 11.2.0.2.0.

2835604
2835604 Member Posts: 2

It seems that I have the "tns poison" vulnerability.  CVE 2012-1675 - Oracle Security Alert CVE-2012-1675) on my Oracle XE 11.2.0.2.0.

Could I apply the patch Patch 14046710  dedicated to Oracle standard edition ?

Thank you in Advance.

Frederic.

Answers

  • Srini Chavali-Oracle
    Srini Chavali-Oracle Member Posts: 29,596 Blue Diamond
    edited Mar 2, 2015 9:51AM

    Patches are not available for XE edition. You could try to apply the standard edition patch, but you will have to deal with any consequences

  • BrianPa
    BrianPa Member Posts: 255
    edited Mar 2, 2015 10:03AM

    Rather than attempting to patch something without official patches and potentially breaking your license to use it, I suggest disabling listener dynamic registration and configuring a static local_listener parameter within your XE database.  The TNS poison vulnerability relies on dynamic listener registration, and by disabling it we should no longer have risk from this vulnerability.

This discussion has been closed.