QID: 19672 , Title: Oracle Database TNS Listener Poison Attack Vulnerability
Threat: "A vulnerability exists in the Listener component of Oracle Database Server. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Listener accessible data as well as read access to all Listener accessible data and ability to cause a partial denial of service (partial DOS) of Listener.
This vulnerability allows an attacker to perform a man-in-the-middle attack by registering an additional database instance in the TNS listener. The listener will then start load-balancing traffic to the new instance. This allows the attacker to receive the database transactions, record them and forward them to the original database. The attacker could also potentially modify the transactions and execute commands on the original database server.
This QID sends a request to register with the listener with the following command:
If the listener acknowledges and allows the scanner to register, then the QID is posted. If Oracle suggested solution is applied then the listener should not allow the scanner to register successfully.
Affected Products and Versions:
Oracle Database 11g Release 2, versions 18.104.22.168, 22.214.171.124, 126.96.36.199
Oracle Database 11g Release 1, version 188.8.131.52
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
NOTE: Although Oracle Database prior to 10g versions are not listed in the Oracle advisory, older versions of Oracle not covered by their lifetime policy and as per advisory, they could be affected."
We are not in the affected version list, why Qualay is detecting us as our Oracle Database 11g Release 2, 184.108.40.206? OS is Windows server 2012 R2