VDB

CVE-2012-1675

CVE-2012-1675 PUBLISHED CVSS 7.5 HIGH

The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."

EPSS 91.41% · 99.7th percentile

Risk Scores

CVSS 2.0
7.5
EPSS Score
91.41%
99.7th percentile

Affected Products

VendorProductVersions
oracledatabase_server11.2.0.2, 10.2.0.3, 10.2.0.4
n/an/an/a

Timeline

  • CVE Published
  • May 29, 2018 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Sep 7, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›