CVE-2012-3152: CVE-2012-3152

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2012-3152

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Oracle Fusion Middleware Oracle Reports Developer组件未明安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Oracle Fusion Middleware（Oracle融合中间件）是美国甲骨文（Oracle）公司的一套面向企业和云环境的业务创新平台。该平台提供了中间件、软件集合等功能。 Oracle Fusion Middleware 11.1.1.4、11.1.1.6、11.1.2.0版本中的Oracle Reports Developer组件中存在未明漏洞。远程攻击者可利用该漏洞通过与报告服务器组件有关的未知向量，影响保密性和完整性。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2012-3152

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2012-3152

Please Login to view more intelligence information

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.htmlx_refsource_CONFIRM
http://www.youtube.com/watch?v=NinvMDOj7sMx_refsource_MISC
http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/x_refsource_MISC
http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/x_refsource_MISC
🔗 http://www.osvdb.org/86394vdb-entryx_refsource_OSVDB
http://www.exploit-db.com/exploits/31253exploitx_refsource_EXPLOIT-DB
http://www.osvdb.org/86395vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/55955vdb-entryx_refsource_BID
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150vendor-advisoryx_refsource_MANDRIVA
https://exchange.xforce.ibmcloud.com/vulnerabilities/79295vdb-entryx_refsource_XF
http://seclists.org/fulldisclosure/2014/Jan/186mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2012-3152

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2012-3152

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2012-3152

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2012-3152

III. Intelligence Information for CVE-2012-3152

IV. Related Vulnerabilities

V. Comments for CVE-2012-3152

Leave a comment