LET'S TALK ABOUT DATABASE HACKING BY PUBLIC NETWORK....WHAT WE CALLED AS "LISTENER POISON ATTACK".
*********************************************************************************
*********************************************************************************
The attack point of this vulnerability is once again the Oracle listener. The impact of this vulnerability differs from the network configuration of the database server and listener. Public accessible listener will suffer a lot from this issue while internal listener a bit less.
*********************************************************************************
*********************************************************************************
The attack point of this vulnerability is once again the Oracle listener. The impact of this vulnerability differs from the network configuration of the database server and listener. Public accessible listener will suffer a lot from this issue while internal listener a bit less.
CRITICALITY OF THE ISSUE
=========================
1.Public accessible Listener e.g. listener is accessible from the internet => extremely critical
2.Listener is accessible by the company network e.g. any client can access the listener => very critical
3.Network zoning or network segmentation is used. E.g only a limited number of system accessing (application server) can access listener => critical.
I prevent the exploitation of the vulnerability in the test/staging database in last week (4th Oct) we are going to implement in production on 11th Oct.....
PLEASE APPLY THIS VULNERABILITY TO AVOID THE POISON ATTACK....
=========================
1.Public accessible Listener e.g. listener is accessible from the internet => extremely critical
2.Listener is accessible by the company network e.g. any client can access the listener => very critical
3.Network zoning or network segmentation is used. E.g only a limited number of system accessing (application server) can access listener => critical.
I prevent the exploitation of the vulnerability in the test/staging database in last week (4th Oct) we are going to implement in production on 11th Oct.....
PLEASE APPLY THIS VULNERABILITY TO AVOID THE POISON ATTACK....
No comments:
Post a Comment