CVE-2012-1675

Oracle Database Server - Access Control

Title source: rule

Description

The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."

Exploits (2)

nomisec SCANNER 12 stars
by bongbongco · poc
https://github.com/bongbongco/CVE-2012-1675
metasploit SCANNER
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/oracle/tnspoison_checker.rb

References (10)

Scores

EPSS 0.9141
EPSS Percentile 99.7%

Details

CWE
CWE-264
Status published
Products (7)
oracle/database_server 10.2.0.3
oracle/database_server 10.2.0.4
oracle/database_server 10.2.0.5
oracle/database_server 11.1.0.7
oracle/database_server 11.2.0.2
oracle/database_server 11.2.0.3
oracle/database_server 11.2.0.4
Published May 08, 2012
Tracked Since Feb 18, 2026