[Openvas-discuss] Scanning for vulnerabilities in Oracle Database
santu at secpod.com
Tue Apr 10 14:29:25 CEST 2018
Here nothing do with NVT. As it looks like issue with an server
Please google exact error message along with status code. You might find
for proper configuration.
If you don't find , request you to send the exact error message with
On Tuesday 10 April 2018 05:02 PM, Anantha Raghava wrote:
> Any specific configuration to be done to get OpenVAS scan Oracle for
> vulnerabilities. I am doing authenticated scan. Yet receiving "tns
> listner connection refused" error. I checked the NVT, but could get
> any idea as to why it is failing to scan. Oracle tns is listening on
> port 1521, but connection is refused. No information is revealed.
> My OS Version is Windows Server 2008 R2.
> Thanks & Regards,
> Anantha Raghava
> Do not print this e-mail unless required. Save Paper & trees.
> On 07/04/18 10:01 PM, Anantha Raghava wrote:
>> Thanks for quick reply.
>> Yes, I am doing an authenticated scan. Yet, no information about
>> Oracle is revealed, but for the "tns listener refused connection error.
>> Thanks & Regards,
>> Anantha Raghava
>> On Sat 7 Apr, 2018, 9:57 PM Brandon Perry, <bperry.volatile at gmail.com
>> <mailto:bperry.volatile at gmail.com>> wrote:
>>> On Apr 7, 2018, at 10:56 AM, Anantha Raghava
>>> <raghav at exzatechconsulting.com
>>> <mailto:raghav at exzatechconsulting.com>> wrote:
>>> I have been using OpenVas vulnerability scanning for sometime now.
>>> I am trying to scan for Oracle Database on Windows to start with
>>> for vulnerabilities. When I select Full & Fast scan config, I
>>> receive report "Oracle tns lister refused connection" error. It
>>> detects the ports properly, but Oracle tns listner refuses the
>>> connection. I tried to create a new scan config, selected
>>> Databases NVT. It resulted 0 vulnerabilites whereas Oracle 11g
>>> is running on the target host.
>>> How do I scan Oracle for vulnerabilities? Can some one guide me
>>> how to proceed further?
>> Chances are you want to do an authenticated scan on the machine
>> so that patch levels can be enumerated. Then you don’t have to
>> worry about connecting to Oracle at all.
>>> Thanks & Regards,
>>> Anantha Raghava
>>> Do not print this e-mail unless required. Save Paper & trees.
>>> Openvas-discuss mailing list
>>> Openvas-discuss at wald.intevation.org
>>> <mailto:Openvas-discuss at wald.intevation.org>
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openvas-discuss