Skip to Main Content
  • Questions
  • Oracle TNS poison attack vulnerability


Question and Answer

Connor McDonald

Thanks for the question.

Asked: October 19, 2020 - 3:30 am UTC

Answered by: Connor McDonald - Last updated: October 19, 2020 - 5:56 am UTC

Category: Database Administration - Version:

Viewed 100+ times

You Asked

Hi Team

We are running Non-RAC Oracle and the TNS poison attack vulnerability (Oracle Security Alert for CVE-2012-1675 - ) looks affected this version of Oracle.

What we have done:
* Have applied the latest version of Oracle critical patches update (July/2015) on

What we are expecting:
* We hope applying the latest CPU (July/2015) for can fix it and no further actions required.

My question is:
* Do we still need to follow the steps in <Using Class of Secure Transport (COST) to Restrict Instance Registration (Doc ID 1453883.1)> mentioned in Oracle Security Alert for CVE-2012-1675 to fix this issue?

Best Regards

and we said...

For such issues, you *always* want to speak to Support and get an official position because security is obviously a make-or-break position for any enterprise.

But in *my* reading of , I don't see any reference to CVE-2012-1675, so I'd be surprised if that patch has resolved the issue.

I'll also add .... you're no more than a month or two away from being on a totally desupported version... so moving to 19c sounds like a much better option to me

More to Explore


Need more information on Administration? Check out the Administrators guide for the Oracle Database