How To Mitigate SSL/TSL Weak Cipher Rivest Cipher 4 (RC4/ARC4/ARCFOUR) Vulnerability in Oracle Analytics Server
(Doc ID 2946230.1)
Last updated on MAY 03, 2023
Applies to:
Oracle Analytics Server - Version 5.9.0 and laterInformation in this document applies to any platform.
Goal
After SSL was configured and Internal SSL was enabled for Oracle Analytics Server (OAS), a security scan reported the below vulnerability where the mentioned port is for the Oracle BI Scheduler (OBISCH):
Vulnerability: Secure Sockets Layer/Transport Layer Security (SSL/TSL) use of Weak Cipher Rivest Cipher 4 (RC4/ARC4/ARCFOUR)
Associated CVEs: CVE-2013-2566, CVE-2015-2808
Associated assets:
OAS Node 1 port ####/tcp over SSL
OAS Node 2 port ####/tcp over SSL
How can this vulnerability be minimized / mitigated?
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |