Shulou(Shulou.com)05/31 Report--

This article mainly introduces the example analysis of database vulnerability repair, which has certain reference value. Interested friends can refer to it. I hope you will gain a lot after reading this article. Let Xiaobian take you to understand it together.

For example, we often receive the following vulnerability scanning results, in fact, he has provided the address of the patch fixed, but our DBA has to compare this patch with the version of the database to check whether it has been fixed. Because some missed scanning software, he will only scan the large version number of Oracle, the small version PSU is not scanned out, and often scans out some vulnerabilities that we have fixed.

There are only three vulnerabilities here. In fact, there are still many vulnerabilities that have not been intercepted. It is too painful to link hundreds of vulnerabilities one by one. In fact, many links corresponding to CVE numbers are one. Below, I use a relatively stupid method to reduce the workload we view.

Just said, the link address is the same, then can you use to duplicate the way to intercept the unique link address?

UE tools can help me. I copied all the rectification suggestions to UE.

You can see that the prefix of the patch acquisition link is the same, www.oracle.com/technetwork/topics/security/XXXXXXXXXX

So now I'm going to query this part and copy it to the pasteboard.

Paste it into the new file, so that all the addresses are displayed

Remove duplicate values

There are only a few links left. Does it reduce the workload?

Open the link, select the software you want to fix, here we are the database of 11.2.0.4, then we choose the second one

Select Section 3, Patch Availability for Oracle Products

Select Oracle Database

Select version number:

Below is the patch repair corresponding to the CVE number ~~ and then according to the repair patch number and the current patch number of our production system to know whether it needs to be repaired.

Thank you for reading this article carefully. I hope that the article "Sample Analysis of Database Vulnerability Repair" shared by Xiaobian will be helpful to everyone. At the same time, I hope that everyone will support you more, pay attention to the industry information channel, and more relevant knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.