CVE-2012-1675

Oracle Database Server Remote Command Execution via TNS Listener Poisoning

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-1675: a PoC published by bongbongco and the Metasploit module auxiliary/scanner/oracle/tnspoison_checker.

Description

The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."

Exploits (2)

nomisec SCANNER 12 stars
by bongbongco · poc
https://github.com/bongbongco/CVE-2012-1675

This repository provides a reference to an Nmap script for detecting Oracle Database TNS Listener Poison Attack Vulnerability (CVE-2012-1675). It includes a command to run the script and a link to a detailed paper on the vulnerability.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Oracle Database TNS Listener
No auth needed
Prerequisites: Nmap with the oracle-tns-poison script installed · Network access to the target Oracle Database TNS Listener
devstral-2 · analyzed Feb 16, 2026

metasploit SCANNER
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/oracle/tnspoison_checker.rb

This Metasploit auxiliary module checks for Oracle TNS Listener vulnerability (CVE-2012-1675) by sending a service registration packet and analyzing the response. It does not exploit the vulnerability but scans for its presence.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Oracle TNS Listener
No auth needed
Prerequisites: Network access to the target Oracle TNS Listener (default port 1521)
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00018.html
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53308
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027000
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2012/Apr/343
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/359816
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2012/Apr/204
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Scores

EPSS 0.7763
EPSS Percentile 99.5%

Details

CWE: CWE-264
Status: published
Products (7)
oracle/database_server 10.2.0.3
oracle/database_server 10.2.0.4
oracle/database_server 10.2.0.5
oracle/database_server 11.1.0.7
oracle/database_server 11.2.0.2
oracle/database_server 11.2.0.3
oracle/database_server 11.2.0.4
Published May 08, 2012
Tracked Since Feb 18, 2026