Questions tagged [oracle]

Oracle Corporation is an American computer technology company based in California. Oracle specializes in computer hardware and enterprise software products, including its own brand RDBMS, along with MySQL and Java as a result of purchasing Sun Microsystems.

63 questions
2
votes
1 answer

Using TLSv1.2 on Weblogic server for outgoing transactions with IBM JDK

I am trying to use TLSv1.2 for all communications going out from my Weblogic application server (acting as SSL client) but couldn't use it. System details: Weblogic 12c, IBM JRE7 SR9. Things I have tried: Enable only TLSv1.2 on weblogic server by…
smallarv
2
votes
1 answer

Is there a workaround for CVE-2015-2625?

We are not able to upgrade JDK 6 to jdk1.8u51 where this issue (CVE-2015-2625) is fixed. Is there a workaround one can have until we migrate to jdk1.8?
user90336
1
vote
1 answer

Oracle Sql Injection Reverse Shell

I am testing for SQL Injection on a website that uses ASP code. I can successfully get all the databases and tables. Current user has DBA privileges. I wonder how can I get a reverse shell by using this SQL Injection. Oracle version is "Oracle…
user1968957
1
vote
1 answer

Is it ok to have GRANT ANY ROLE privilege granted to an Oracle account which is expired & locked?

I know it's not considered secure to grant GRANT ANY ROLE privilege to other users apart from admins. But what if the user is expired & locked? In particular, I see these 2 users having this privilege: SPATIAL_CSW_ADMIN_USR and…
ZygD
1
vote
0 answers

How to identify column types during sql injection with "union all select" construct?

The situation is as follows: I have identified an SQL injection attack vector, and have the following information about the target table: It has six columns (identified using "order by"). I can see the output of 3 of them (the table is displayed). Two seem kind of enum…
user74898
1
vote
1 answer

Difference between Oracle Label Security and Oracle Virtual Private Database?

I am working on a class project, and our lecturer asked a question with this title. I searched the net but I could not find a clear answer. If there is a difference, what is it? Thanks
parmoon
1
vote
2 answers

Stop POODLE vulnerability in Oracle Application Server

Our enterprise is using Oracle Application Server in front of an Oracle database. We are using Oracle Wallet Manager (installed with Oracle client 10) to create self-signed certificates. As you may know, Wallet Manager in v 10 has some limitation in key…
1
vote
1 answer

Connecting to Oracle Database from VBScript - Hiding Credentials

At work our first level support uses a ticket management system that allows us to add extra functionality via VBScripts that the application invokes. First level support also receives quite a few requests for a certain issue that requires a very…
Harry Muscle
1
vote
1 answer

How to disable x-oracle-dms-ecid cookie

During a security audit, our client found that we are sending to the client a cookie called 'x-oracle-dms-ecid'. They asked to disable it or change its name. We have been reading all the Oracle documentation available, but we couldn't find any…
amusero
1
vote
1 answer

Oracle database privileges

I have a 10.2.0.5.0 Oracle Database and a list of users who I need to grant some privileges to (mainly to generate reports and so on). I used impersonation, which means I created one Oracle user so that all application users access that Oracle user…
Optimus Prime
1
vote
1 answer

OpenSSO and Basic Auth together

Our project is moving towards OpenSSO, but we have some CGIs that are accessed via web services. For example, one CGI locates files on the server and supplies them to the client. I understand that OpenSSO allows for an Exclusion List, but I'm…
user1776
1
vote
1 answer

Is VirtualBox safe and is it possible it's spying on the user?

I'm looking to install a virtual machine and since Hyper-V is not available for my Windows 10 production version I'm forced to decide between VirtualBox and VMWare. VMWare looks much more modern and new while Virtual Box has a very old and 'sketchy'…
R.Peter
1
vote
0 answers

Possibility of dynamically generated prepared statements and stored procedure SQL injection?

I am working on a Java application which generates SQL prepared statements and stored procedure query strings using user inputs and executes them with PreparedStatement.execute() or CallableStatement.execute(). Example: String query = "{? = call…
1
vote
0 answers

TDE - Does Key Rotation involve full tablespace Decryption and Re-Encryption?

In Oracle DB 12c, which uses TDE-Tablespace level. If I want to implement a key rotation policy, what is the impact? 1. Is it the Tablespace key that will be rotated or the Masterkey? 2. Does key rotation involve decrypting the data with previous key…
ZEE
1
vote
1 answer

Is Oracle gathering information from my machine when I download Virtualbox or Netbeans?

When we try to download Netbeans or Virtualbox from the Oracle/Sun site, our firewall warns us that some suite called EdgeSuite tries to obtain information from our machines. I don't know what information it is gathering, but I can't download any of…
msmafra