WEB APPLICATION VULNERABILITIES Standard & Premium

Oracle Reports rwservlet vulnerabilities

Description

netinfiltration reported various high severity vulnerabilities (and exploits) affecting Oracle Reports. These vulnerabilities allow an attacker to dump the database passwords, view folder contents, download files, load a phishing page in the browser and even gain a remote shell.

Remediation

Currently, Oracle didn't provided any fix for these vulnerabilities.

References

Related Vulnerabilities

ColdFusion AMF Deserialization RCE

WooFramework shortcode exploit

ColdFusion FlashGateway Deserialization RCE CVE-2019-7091

WordPress Plugin Form Manager Remote Command Execution (1.7.2)

WordPress Plugin Admin Columns CSV Injection (3.4.6)

Severity

High

Classification

CVE-2012-3152 CVE-2012-3153 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Code Execution Directory Listing Acumonitor