CVE-2012-3152

KEV

Published: Ott 16, 2012 Last Modified: Ott 22, 2025

ExploitDB:

Other exploit source:

Google Dorks: Google Dorks

CRITICAL 9,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: none

MEDIUM 6,4

Source: [email protected]

Access Vector: network

Access Complexity: low

Authentication: none

Confidentiality: partial

Integrity: partial

Availability: none

Description

AI Translation Available

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,9264

Percentile

1,0th

Updated

EPSS Score Trend (Last 91 Days)

View on Exploit-DB GHDB vulnerable servers

Google Query: https://www.google.com/search?q=inurl%3A%22%2Freports%2Frwservlet%22+intext%3A%22Oracle%22

Author: anonymous Date: 2014-02-05

Exploit

Oracle Forms and Reports 11.1 - Arbitrary Code …

Oracle Forms and Reports 11.1 - Arbitrary Code Execution

Author: Mekanismen Published:

View Exploit Code →

Exploit

Oracle Forms and Reports - Remote Code Execution …

Verified Metasploit Framework (MSF)

Oracle Forms and Reports - Remote Code Execution (Metasploit)

Author: Metasploit Published: Status: Verified

View Exploit Code →

Application

Fusion Middleware by Oracle

Product Information

Vendor Oracle

Product Fusion Middleware

Version 11.1.1.4.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Fusion Middleware by Oracle

Product Information

Vendor Oracle

Product Fusion Middleware

Version 11.1.1.6.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:fusion_middleware:11.1.1.6.0:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Fusion Middleware by Oracle

Product Information

Vendor Oracle

Product Fusion Middleware

Version 11.1.2.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:fusion_middleware:11.1.2.0:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://www.cisa.gov/known-exploited-vulnerabilities-catalo…

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012…

http://blog.netinfiltration.com/2013/11/03/oracle-reports-c…

http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve…

http://blog.netinfiltration.com/2014/01/19/upcoming-exploit…

http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-form…

http://seclists.org/fulldisclosure/2014/Jan/186

https://exchange.xforce.ibmcloud.com/vulnerabilities/79295

http://www.exploit-db.com/exploits/31253

http://www.mandriva.com/security/advisories?name=MDVSA-2013…

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpuoct201…

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

http://www.osvdb.org/86394

http://www.osvdb.org/86395

http://www.securityfocus.com/bid/55955

http://www.youtube.com/watch?v=NinvMDOj7sM

http://blog.netinfiltration.com/2013/11/03/oracle-reports-c…

http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve…

http://blog.netinfiltration.com/2014/01/19/upcoming-exploit…

http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-form…

http://seclists.org/fulldisclosure/2014/Jan/186

https://exchange.xforce.ibmcloud.com/vulnerabilities/79295

http://www.exploit-db.com/exploits/31253

http://www.mandriva.com/security/advisories?name=MDVSA-2013…

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpuoct201…

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

http://www.osvdb.org/86394

http://www.osvdb.org/86395

http://www.securityfocus.com/bid/55955

http://www.youtube.com/watch?v=NinvMDOj7sM

CVE-2012-3152

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 91 Days)

Oracle Forms and Reports 11.1 - Arbitrary Code …

Oracle Forms and Reports - Remote Code Execution …

Fusion Middleware by Oracle

Product Information

Fusion Middleware by Oracle

Product Information

Fusion Middleware by Oracle

Product Information

Iscriviti alla newsletter