Vulnerability in Oracle Database_server
CVE-2012-1675
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows rem…
EPSS: 0.914 (99.7th percentile) — read the EPSS interpretation.
Affected products
- Oracle Database_server — versions 10.2.0.3, 10.2.0.4, 10.2.0.5
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- SUSE-SU-2012:0765 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- 53308 (Exploit, Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- 1027000 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- 20120428 Oracle TNS Poison vulnerability is actually a 0day with no patch available (mailing-list, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
- secalert_us@oracle.com (x_refsource_CONFIRM, Vendor Advisory)
- VU#359816 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
- 20120418 The history of a -probably- 13 years old Oracle bug: TNS Poison (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
- secalert_us@oracle.com (x_refsource_CONFIRM, Vendor Advisory)
- MDVSA-2013:150 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
- oracledatabase-tnslistener-spoofing(75303) (VDB Entry, vdb-entry, x_refsource_XF)
Frequently asked questions
- What is CVE-2012-1675?
- CVE-2012-1675 is a vulnerability in Oracle Database_server, classified under CWE-264. Published 2012-05-08.
- Is CVE-2012-1675 known to be exploited?
- 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.