CVE

Id
56396  
CVE No.
CVE-2012-3153  
Status
Candidate  
Description
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file.  
Phase
Assigned (20120606)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
584701 56396 CVE-2012-3153 EXPLOIT-DB:31253  View
584702 56396 CVE-2012-3153 URL:http://www.exploit-db.com/exploits/31253  View
584703 56396 CVE-2012-3153 FULLDISC:20140127 Oracle Reports Exploit - Remote Shell/Dump Passwords  View
584704 56396 CVE-2012-3153 URL:http://seclists.org/fulldisclosure/2014/Jan/186  View
584705 56396 CVE-2012-3153 MISC:http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/  View
584706 56396 CVE-2012-3153 MISC:http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/  View
584707 56396 CVE-2012-3153 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html  View
584708 56396 CVE-2012-3153 MANDRIVA:MDVSA-2013:150  View
584709 56396 CVE-2012-3153 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150  View
584710 56396 CVE-2012-3153 BID:55961  View
584711 56396 CVE-2012-3153 URL:http://www.securityfocus.com/bid/55961  View
584712 56396 CVE-2012-3153 XF:fusionmiddleware-reports-cve20123153(79296)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
29238 JVNDB-2012-004945 Oracle MySQL の MySQL Server における Protocol の処理に関する脆弱性 Oracle MySQL の MySQL Server には、Protocol に関する処理に不備があるため、機密性、完全性、および可用性に影響のある脆弱性が存在します。 CVE-2012-3158 56396 7.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004945.html  View