Hi Team
We are running Non-RAC Oracle 11.2.0.3.0 and the TNS poison attack vulnerability (Oracle Security Alert for CVE-2012-1675 -
https://www.oracle.com/security-alerts/alert-cve-2012-1675.html ) looks affected this version of Oracle.
What we have done:
* Have applied the latest version of Oracle critical patches update (July/2015) on 11.2.0.3.0
What we are expecting:
* We hope applying the latest CPU (July/2015) for 11.2.0.3.0 can fix it and no further actions required.
My question is:
* Do we still need to follow the steps in <Using Class of Secure Transport (COST) to Restrict Instance Registration (Doc ID 1453883.1)> mentioned in Oracle Security Alert for CVE-2012-1675 to fix this issue?
Best Regards
For such issues, you *always* want to speak to Support and get an official position because security is obviously a make-or-break position for any enterprise.
But in *my* reading of
https://www.oracle.com/security-alerts/cpujul2015.html , I don't see any reference to CVE-2012-1675, so I'd be surprised if that patch has resolved the issue.
I'll also add .... you're no more than a month or two away from being on a totally desupported version... so moving to 19c sounds like a much better option to me