Vulnerability Details: CVE-2012-3152
Public exploit exists!
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.
Vulnerability category: Execute code
Products affected by CVE-2012-3152
- cpe:2.3:a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:11.1.1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:11.1.2.0:*:*:*:*:*:*:*
CVE-2012-3152 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Oracle Fusion Middleware Unspecified Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2012-3152
Added on: 2021-11-03
Action due date: 2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2012-3152
EPSS score: 96.45% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2012-3152
- Oracle Forms and Reports Remote Code Execution
  Disclosure Date: 2014-01-15
  First seen: 2020-04-26
  Module: exploit/multi/http/oracle_reports_rce
  This module uses two vulnerabilities in Oracle Forms and Reports to get remote code execution on the host. The showenv url can be used to disclose information about a server. A second vulnerability that allows arbitrary reading and writing to the host filesystem can then be
CVSS scores for CVE-2012-3152
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST | |
| 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 | NIST | 2024-07-25 |
References for CVE-2012-3152
- http://www.securityfocus.com/bid/55955
  Oracle Fusion Middleware CVE-2012-3152 Remote Security Vulnerability (Broken Link; Third Party Advisory; VDB Entry)
- http://seclists.org/fulldisclosure/2014/Jan/186
  Full Disclosure: Oracle Reports Exploit - Remote Shell/Dump Passwords (Mailing List; Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
  Oracle Critical Patch Update - October 2012 (Patch; Vendor Advisory)
- http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
  (Broken Link)
- http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/
  (Broken Link)
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
  mandriva.com (Broken Link)
- http://www.youtube.com/watch?v=NinvMDOj7sM
  POC OracleReports CVE-2012-3153 - YouTube (Exploit)
- http://www.osvdb.org/86394
  404 Not Found (Broken Link)
- http://www.exploit-db.com/exploits/31253
  Oracle Forms and Reports 11.1 - Arbitrary Code Execution - JSP remote Exploit (Exploit; Third Party Advisory; VDB Entry)
- http://www.osvdb.org/86395
  404 Not Found (Broken Link)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79295
  Oracle Fusion Middleware Reports Developer unspecified CVE-2012-3152 Vulnerability Report (Third Party Advisory; VDB Entry)