GoldenGate VIP and XAG Services Relocate and Manager Restarts Frequently (OGG-01022)

While researching Oracle GoldenGate, Tenable found three vulnerabilities in GoldenGate Manager. GoldenGate Manager is the process that is in charge of monitoring, controlling, and reporting status on other GoldenGate components. The Manager listens on port 7809 where it accepts GoldenGate Software Command Interface (GGSCI) commands.


Oracle GG: 12.1.2.1.2 and later
Database:  11g / 12c
XAG:       4.1.0


Scenario/Error: The GoldenGate VIP and XAG services are relocated frequently. Whenever the XAG service restarts, Manager is restarted as well, so all replication gets stuck.

Currently Oracle GoldenGate cannot handle a security scan, and the observed unknown message is due to that. The security scan also tries to upload images through the MGR port, but Oracle does not allow this type of data to be uploaded.

Oracle strongly recommends not running security scans against OGG ports.

Error messages:
Pink:  scanner host
Green: GGVIP

2020-05-30 04:19:03  INFO    OGG-01021  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Command received from GGSCI: STATS   REPORTCDR.
2020-05-30 04:21:08  INFO    OGG-00957  Oracle GoldenGate Manager for Oracle, mgr.prm:  Purged old extract file /acfs/goldengate/dirdat/LC302371, applying UseCheckPoints purge rule: Oldest Chkpt Seqno 302663 > 302371.
2020-05-30 04:28:07  WARNING OGG-01223  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Connection reset by peer.
2020-05-30 04:29:02  INFO    OGG-01021  Oracle GoldenGate Delivery for Oracle, rptw01.prm:  Command received from GGSCI: STATS   REPORTCDR.
2020-05-30 04:29:04  INFO    OGG-01021  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Command received from GGSCI: STATS   REPORTCDR.
2020-05-30 04:29:10  INFO    OGG-01022  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Unknown 18 bytes message received from [11.160.10.145]:57880:0 - 000000: 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0a |GET / HTTP/1.0..|
000010: 0d 0a                                           |..              |.
2020-05-30 04:29:10  INFO    OGG-01022  Oracle GoldenGate Delivery for Oracle, rptw01.prm:  Unknown 18 bytes message received from [11.160.10.145]:43534:0 - 000000: 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0a |GET / HTTP/1.0..|
000010: 0d 0a                                           |..              |.
2020-05-30 04:29:13  WARNING OGG-01223  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Connection reset by peer.
2020-05-30 04:29:13  WARNING OGG-01223  Oracle GoldenGate Delivery for Oracle, rptw01.prm:  Connection reset by peer.
2020-05-30 04:29:33  WARNING OGG-01223  Oracle GoldenGate Delivery for Oracle, rptw01.prm:  Connection reset by peer.
2020-05-30 04:29:33  WARNING OGG-01223  Oracle GoldenGate Delivery for Oracle, rptw01.prm:  Connection reset by peer.
2020-05-30 04:29:35  WARNING OGG-01223  Oracle GoldenGate Delivery for Oracle, rptw01.prm:  Connection reset by peer.
2020-05-30 04:29:37  WARNING OGG-01223  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Connection reset by peer.
2020-05-30 04:29:37  WARNING OGG-01223  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Connection reset by peer.
2020-05-30 04:29:39  WARNING OGG-01223  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Connection reset by peer.
2020-05-30 04:29:41  WARNING OGG-01223  Oracle GoldenGate Delivery for Oracle, rptw01.prm:  Connection reset by peer.
2020-05-30 04:29:41  WARNING OGG-01223  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Connection reset by peer.
2020-05-30 04:29:45  INFO    OGG-01022  Oracle GoldenGate Delivery for Oracle, rptw01.prm:  Unknown 287 bytes message received from [11.160.10.145]:48518:0 - 000000: 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a |GET / HTTP/1.1..|
000010: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 43 6c 6f 73 |Connection: Clos|
000020: 65 0d 0a 48 6f 73 74 3a 20 31 30 2e 31 35 30 2e |e..Host: 11.160.|
000030: 34 30 2e 31 36 33 0d 0a 50 72 61 67 6d 61 3a 20 |40.163..Pragma: |
000040: 6e 6f 2d 63 61 63 68 65 0d 0a 55 73 65 72 2d 41 |no-cache..User-A|
000050: 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 34 2e |gent: Mozilla/4.|
000060: 30 20 28 63 6f 6d 70 61 74 69 62 6c 65 3b 20 4d |0 (compatible; M|
000070: 53 49 45 20 38 2e 30 3b 20 57 69 6e 64 6f 77 73 |SIE 8.0; Windows|
000080: 20 4e 54 20 35 2e 31 3b 20 54 72 69 64 65 6e 74 | NT 5.1; Trident|
000090: 2f 34 2e 30 29 0d 0a 41 63 63 65 70 74 3a 20 69 |/4.0)..Accept: i|
0000A0: 6d 61 67 65 2f 67 69 66 2c 20 69 6d 61 67 65 2f |mage/gif, image/|
0000B0: 78 2d 78 62 69 74 6d 61 70 2c 20 69 6d 61 67 65 |x-xbitmap, image|
0000C0: 2f 6a 70 65 67 2c 20 69 6d 61 67 65 2f 70 6a 70 |/jpeg, image/pjp|
0000D0: 65 67 2c 20 69 6d 61 67 65 2f 70 6e 67 2c 20 2a |eg, image/png, *|
0000E0: 2f 2a 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 |/*..Accept-Langu|
0000F0: 61 67 65 3a 20 65 6e 0d 0a 41 63 63 65 70 74 2d |age: en..Accept-|
000100: 43 68 61 72 73 65 74 3a 20 69 73 6f 2d 38 38 35 |Charset: iso-885|
000110: 39 2d 31 2c 2a 2c 75 74 66 2d 38 0d 0a 0d 0a    |9-1,*,utf-8.... |.
2020-05-30 04:29:46  INFO    OGG-01022  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Unknown 309 bytes message received from [10.100.10.145]:63038:0 - 000000: 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a |GET / HTTP/1.1..|




 


This could be caused by a security scan on OGG ports. Currently OGG cannot handle a security scan, and the observed unknown message is due to that.
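To confirm that the OGG-01022 entries come from a scanner, the hex dumps in ggserr.log can be decoded and grouped by source address. The following is an added example, not part of the original post or of Oracle's tooling; the function names are hypothetical and the sample log is constructed in the layout shown above with placeholder addresses.

```python
import re
from collections import defaultdict

# Constructed sample in the ggserr.log layout shown above (addresses are placeholders).
SAMPLE_LOG = """\
2020-05-30 04:29:04  INFO    OGG-01021  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Command received from GGSCI: STATS   REPORTCDR.
2020-05-30 04:29:10  INFO    OGG-01022  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Unknown 18 bytes message received from [192.0.2.10]:57880:0 - 000000: 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0a |GET / HTTP/1.0..|
000010: 0d 0a                                           |..              |.
2020-05-30 04:29:13  WARNING OGG-01223  Oracle GoldenGate Delivery for Oracle, rptwlg.prm:  Connection reset by peer.
2020-05-30 04:29:45  INFO    OGG-01022  Oracle GoldenGate Delivery for Oracle, rptw01.prm:  Unknown 18 bytes message received from [192.0.2.10]:48518:0 - 000000: 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a |GET / HTTP/1.1..|
000010: 0d 0a                                           |..              |.
"""

EVENT = re.compile(r"^(\S+ \S+)\s+\w+\s+OGG-01022\s+.*?, (\S+):\s+Unknown (\d+) bytes "
                   r"message received from \[([^\]]+)\]:(\d+)")
DUMP = re.compile(r"[0-9A-Fa-f]{6}: ((?:[0-9A-Fa-f]{2} ?)+)")
HTTP_VERBS = (b"GET ", b"POST ", b"HEAD ", b"OPTIONS ", b"PUT ")

def find_probes(text):
    """Return one dict per OGG-01022 event, with its hex dump decoded to bytes."""
    events, current = [], None
    for line in text.splitlines():
        m = EVENT.match(line)
        if m:
            current = {"time": m[1], "param": m[2], "size": int(m[3]),
                       "src": m[4], "payload": b""}
            events.append(current)
        elif re.match(r"^\d{4}-\d{2}-\d{2} ", line):
            current = None  # any other timestamped record ends the hex dump
        if current is not None:
            # Ignore the ASCII column after '|' so it cannot be mistaken for hex.
            for hexrun in DUMP.findall(line.split("|", 1)[0]):
                current["payload"] += bytes.fromhex(hexrun.replace(" ", ""))
    for e in events:
        e["http"] = e["payload"].startswith(HTTP_VERBS)
    return events

def summarize(events):
    """Count HTTP-looking unknown messages per source address."""
    counts = defaultdict(int)
    for e in events:
        if e["http"]:
            counts[e["src"]] += 1
    return dict(counts)
```

A source address with many HTTP-looking messages against the Manager or process ports is the host to exclude from the scan profile.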



Solutions:
1. Stop the security scan on the GoldenGate Manager port.
2. Wait for the security scan to complete.
3. The permanent solution is to exclude the MGR port from security scanning.

For more details: Doc ID 2195512.1