The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."
Published 2012-05-08 22:55:01
Updated 2018-08-23 12:51:09
Source Oracle
View at NVD,   CVE.org

Products affected by CVE-2012-1675

Threat overview for CVE-2012-1675

Top countries where our scanners detected CVE-2012-1675
Top open port discovered on systems with this issue 1521
IPs affected by CVE-2012-1675 30,205
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2012-1675!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2012-1675

96.95%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2012-1675

  • Oracle TNS Listener Checker
    Disclosure Date: 2012-04-18
    First seen: 2020-04-26
    auxiliary/scanner/oracle/tnspoison_checker
    This module checks the server for vulnerabilities like TNS Poison. Module sends a server a packet with command to register new TNS Listener and checks for a response indicating an error. If the registration is errored, the target is not vulnerable. Otherwise, the tar

CVSS scores for CVE-2012-1675

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST

CWE ids for CVE-2012-1675

  • Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-1675

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!