We are running Non-RAC Oracle 126.96.36.199.0 and the TNS poison attack vulnerability (Oracle Security Alert for CVE-2012-1675 - https://www.oracle.com/security-alerts/alert-cve-2012-1675.html
) looks affected this version of Oracle.
What we have done:
* Have applied the latest version of Oracle critical patches update (July/2015) on 188.8.131.52.0
What we are expecting:
* We hope applying the latest CPU (July/2015) for 184.108.40.206.0 can fix it and no further actions required.
My question is:
* Do we still need to follow the steps in <Using Class of Secure Transport (COST) to Restrict Instance Registration (Doc ID 1453883.1)> mentioned in Oracle Security Alert for CVE-2012-1675 to fix this issue?
For such issues, you *always* want to speak to Support and get an official position because security is obviously a make-or-break position for any enterprise.
But in *my* reading of https://www.oracle.com/security-alerts/cpujul2015.html
, I don't see any reference to CVE-2012-1675, so I'd be surprised if that patch has resolved the issue.
I'll also add .... you're no more than a month or two away from being on a totally desupported version... so moving to 19c sounds like a much better option to me