On the 16th of Oct, Oracle released a security update addressing 109 vulnerabilities across its 10 product lines. Out of these 109 new vulnerabilities, 5 affect Oracle Database Server. The most severe of these Database vulnerabilities has received a CVSS Base Score of 10.0 on Windows platforms and 7.5 on Linux and Unix platforms. This vulnerability (CVE-2012-3137) is related to the “Cryptographic flaws in Oracle Database authentication protocol” disclosed at the Ekoparty Conference.
As per the information available:
The authentication protocol in Oracle Database 11g 1 and 2 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
Does Qualys have a detection signature for this vulnerability?