Vulnerability Name: CVE-2012-3152 (CCN-79295)
Assigned: 2012-10-16
Published: 2012-10-16
Updated: 2017-08-29
Summary: Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. Note: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. Note: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.
CVSS v3 Severity: 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2 Severity: 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
  5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:POC/RL:OF/RC:C)
  5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:POC/RL:OF/RC:C)
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Other
References:
  Source: MISC Type: UNKNOWN http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
  Source: MISC Type: UNKNOWN http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/
  Source: MITRE Type: CNA CVE-2012-3152
  Source: FULLDISC Type: UNKNOWN 20140127 Oracle Reports Exploit - Remote Shell/Dump Passwords
  Source: CCN Type: SA50987 Oracle Forms and Reports Two Vulnerabilities
  Source: EXPLOIT-DB Type: UNKNOWN 31253
  Source: MANDRIVA Type: UNKNOWN MDVSA-2013:150
  Source: CCN Type: Oracle Web Site Oracle Critical Patch Update Advisory - October 2012
  Source: CONFIRM Type: Patch, Vendor Advisory http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
  Source: OSVDB Type: UNKNOWN 86394
  Source: OSVDB Type: UNKNOWN 86395
  Source: CCN Type: OSVDB ID: 86394 Oracle Forms and Reports Developer Component Servlet Subcomponent Unspecified Remote Issue
  Source: CCN Type: OSVDB ID: 86395 Oracle Forms and Reports Developer Component Report Server Component Subcomponent Unspecified Remote Issue
  Source: BID Type: UNKNOWN 55955
  Source: CCN Type: BID-55955 Oracle Fusion Middleware CVE-2012-3152 Remote Security Vulnerability
  Source: MISC Type: UNKNOWN http://www.youtube.com/watch?v=NinvMDOj7sM
  Source: XF Type: UNKNOWN fusionmiddleware-reports-cve20123152(79295)
  Source: CCN Type: Packet Storm Security [01-28-2014] Oracle Forms And Reports Database Disclosure
  Source: CCN Type: Packet Storm Security [02-18-2014] Oracle Forms / Reports Remote Code Execution
  Source: CCN Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY KNOWN EXPLOITED VULNERABILITIES CATALOG
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [01-29-2014]
Vulnerable Configuration: Configuration 1: Configuration CCN 1: