CVE-2012-3137

Oracle Database Server - Info Disclosure

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-3137. PoCs published by Esteban Martinez Fayo, r1-, hantwister.

AI-analyzed exploit summary: This exploit demonstrates an authentication bypass vulnerability in Oracle Database 11g by decrypting session IDs using a list of common passwords. It leverages AES decryption with a SHA1-derived key to validate the password.

Description

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."

Exploits (3)

exploitdb WORKING POC
by Esteban Martinez Fayo · python · local · multiple
https://www.exploit-db.com/exploits/22069

This exploit demonstrates an authentication bypass vulnerability in Oracle Database 11g by decrypting session IDs using a list of common passwords. It leverages AES decryption with a SHA1-derived key to validate the password.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Oracle Database 11g Release 1 and 11g Release 2
No auth needed
Prerequisites: Network access to the Oracle Database · Knowledge of common passwords
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 4 stars
by r1- · poc
https://github.com/r1-/cve-2012-3137

This PoC exploits CVE-2012-3137, a vulnerability in Oracle TNS Listener, by crafting malicious TNS packets to trigger a buffer overflow, potentially leading to remote code execution. The script establishes a connection and sends specially crafted packets to manipulate the protocol negotiation phase.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle TNS Listener (versions affected by CVE-2012-3137)
No auth needed
Prerequisites: Network access to the target Oracle TNS Listener · Target must be running a vulnerable version of Oracle TNS Listener
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 3 stars
by hantwister · poc
https://github.com/hantwister/o5logon-fetch

This repository contains a proof-of-concept for CVE-2012-3137, which exploits a vulnerability in Oracle's authentication protocol. The code implements a man-in-the-middle (MitM) attack framework to intercept and manipulate network traffic.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Oracle Database Server (versions affected by CVE-2012-3137)
No auth needed
Prerequisites: Network access to intercept traffic between client and Oracle server
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.3144
EPSS Percentile 98.1%

Details

CWE: CWE-287
Status: published
Products (9)
oracle/database_server 10.2.0.3
oracle/database_server 10.2.0.4
oracle/database_server 10.2.0.5
oracle/database_server 11.1.0.7
oracle/database_server 11.2.0.2
oracle/database_server 11.2.0.3
oracle/primavera_p6_enterprise_project_portfolio_management 8.2
oracle/primavera_p6_enterprise_project_portfolio_management 8.3
oracle/primavera_p6_enterprise_project_portfolio_management 8.4
Published Sep 21, 2012
Tracked Since Feb 18, 2026