VDB
CVE-2012-1675
CVE-2012-1675
PUBLISHED
CVSS 7.5 HIGH
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."
EPSS 91.41% · 99.7th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
91.41%
99.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | database_server | 11.2.0.2, 10.2.0.3, 10.2.0.4 |
| n/a | n/a | n/a |
Timeline
- CVE Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- SUSE-SU-2012:0765 vendor-advisory
- 53308 vdb
- 1027000 vdb
- 20120428 Oracle TNS Poison vulnerability is actually a 0day with no patch available mailing-list
- https://blogs.oracle.com/security/entry/security_alert_for_cve_2012 url
- VU#359816 third-party-advisory
- 20120418 The history of a -probably- 13 years old Oracle bug: TNS Poison mailing-list
- http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html url
- MDVSA-2013:150 vendor-advisory
- oracledatabase-tnslistener-spoofing(75303) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2012-1675 advisory