Home » APEX » Oracle XE TNS Mitigation

Oracle XE TNS Mitigation

It’s been quite a while since my last post. Finding time to post is the roughest part for me so forgive this post if it’s a bit crude. I felt it was more important to get this up than make it pretty.

First some background.  All versions of Oracle at this point have a vulnerability to TNS Poisoning. I won’t go into details of that since it’s documented and discussed numerous places. What I will cover is what steps I have taken to secure my implementation of Oracle XE 11g. I should note that none of my implementations are EXTERNAL FACING, they are internal to the network only.


  • Windows Server 2008r2
  • OracleXE 11g
  • Apex 4.2.1
  • Apex Listener 2.0.1
  • Glassfish 3


The following post helps understand the Metalink note but the steps do not fully resolve the issue; https://forums.oracle.com/thread/2383756?start=15&tstart=0

Reference the Oracle Metalink note; 1453883.1


Basically, start with the default listener.ora file.
Stop the listener.
Add the following lines to the listener.ora file;
where LISTENER is the name of the listener in the listener.ora file.

My OracleXE install literally used the word “LISTENER” so my entry was exactly as stated above.
The Metalink note explains this clearly.

Add a specific entry for the local service to the listener.ora file (very important step);

(ORACLE_HOME = <home_path>)
(SID_NAME = xe)

Start the listener.

Alter the database local_listener parameter to utilize the IPC address by the listener;

SQL> alter system set local_listener='(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))’ scope = both;

where EXTPROC1 is the name of the KEY used in the listener.ora file.

Again, my OracleXE install used “EXTPROC1” so my statement was exactly as shown.

Check the parameter;
SQL> show parameter local_listener

Check the listener;
LSNRCTL> services listener

Again, sorry for the crudeness.

Posted in APEX, Oracle XE and tagged as , ,

Leave a Reply

Your email address will not be published. Required fields are marked *