CVE

Id
56395  
CVE No.
CVE-2012-3152  
Status
Candidate  
Description
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.  
Phase
Assigned (20120606)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
584684 56395 CVE-2012-3152 EXPLOIT-DB:31253  View
584685 56395 CVE-2012-3152 URL:http://www.exploit-db.com/exploits/31253  View
584686 56395 CVE-2012-3152 FULLDISC:20140127 Oracle Reports Exploit - Remote Shell/Dump Passwords  View
584687 56395 CVE-2012-3152 URL:http://seclists.org/fulldisclosure/2014/Jan/186  View
584688 56395 CVE-2012-3152 MISC:http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/  View
584689 56395 CVE-2012-3152 MISC:http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/  View
584690 56395 CVE-2012-3152 MISC:http://www.youtube.com/watch?v=NinvMDOj7sM  View
584691 56395 CVE-2012-3152 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html  View
584692 56395 CVE-2012-3152 MANDRIVA:MDVSA-2013:150  View
584693 56395 CVE-2012-3152 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150  View
584694 56395 CVE-2012-3152 BID:55955  View
584695 56395 CVE-2012-3152 URL:http://www.securityfocus.com/bid/55955  View
584696 56395 CVE-2012-3152 OSVDB:86394  View
584697 56395 CVE-2012-3152 URL:http://www.osvdb.org/86394  View
584698 56395 CVE-2012-3152 OSVDB:86395  View
584699 56395 CVE-2012-3152 URL:http://www.osvdb.org/86395  View
584700 56395 CVE-2012-3152 XF:fusionmiddleware-reports-cve20123152(79295)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
29301 JVNDB-2012-005008 Oracle Financial Services の Oracle FLEXCUBE Direct Banking における BASE の処理に関する脆弱性 Oracle Financial Services の Oracle FLEXCUBE Direct Banking には、BASE に関する処理に不備があるため、完全性に影響のある脆弱性が存在します。 CVE-2012-3157 56395 3.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005008.html  View