Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2012-3153
PUBLISHED
More InfoOfficial Page
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
View Known Exploited Vulnerability (KEV) details
Published At-16 Oct, 2012 | 23:00
Updated At-06 Aug, 2024 | 19:57
Rejected At-
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/79296
vdb-entry
x_refsource_XF
http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/
x_refsource_MISC
http://www.exploit-db.com/exploits/31253
exploit
x_refsource_EXPLOIT-DB
http://seclists.org/fulldisclosure/2014/Jan/186
mailing-list
x_refsource_FULLDISC
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/55961
vdb-entry
x_refsource_BID
http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/79296
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/
Resource:
x_refsource_MISC
Hyperlink: http://www.exploit-db.com/exploits/31253
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://seclists.org/fulldisclosure/2014/Jan/186
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/55961
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
Resource:
x_refsource_MISC
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/79296
vdb-entry
x_refsource_XF
x_transferred
http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/
x_refsource_MISC
x_transferred
http://www.exploit-db.com/exploits/31253
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://seclists.org/fulldisclosure/2014/Jan/186
mailing-list
x_refsource_FULLDISC
x_transferred
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/55961
vdb-entry
x_refsource_BID
x_transferred
http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
x_refsource_MISC
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/79296
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/31253
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2014/Jan/186
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/55961
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Details not found