CVE-2012-3153

EXPLOITED NUCLEI

Oracle Forms and Reports Remote Code Execution

Title source: metasploit

Description

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file.

Exploits (3)

exploitdb WORKING POC
by Mekanismen · ruby remote jsp
https://www.exploit-db.com/exploits/31253
nomisec WORKING POC 8 stars
by Mekanismen · remote-auth
https://github.com/Mekanismen/pwnacle-fusion
metasploit WORKING POC GREAT
ruby poc linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/oracle_reports_rce.rb

Nuclei Templates (1)

Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
MEDIUM by Sid Ahmed MALAOUI @ Realistic Security
Shodan: http.title:"weblogic" || http.html:"weblogic application server"
FOFA: title="weblogic" || body="weblogic application server"

Scores

EPSS 0.9121
EPSS Percentile 99.7%

Details

VulnCheck KEV 2025-06-07
Status published
Products (3)
oracle/fusion_middleware 11.1.1.4.0
oracle/fusion_middleware 11.1.1.6.0
oracle/fusion_middleware 11.1.2.0
Published Oct 16, 2012
Tracked Since Feb 18, 2026