ID de Prueba:	1.3.6.1.4.1.25623.1.0.103974
Categoría:	Web application abuses
Título:	Oracle Forms and Reports Database Vulnerability
Resumen:	Oracle Forms and Reports Database Vulnerability
Descripción:	Summary: Oracle Forms and Reports Database Vulnerability Vulnerability Insight: An undocumented function of the PARSEQUERY function allows to take keymaps that are located in /reports/rwservlet/ and add them to the query which will allow to dump the database passwords. Vulnerability Impact: Unauthenticated remote attackers can dump usernames and passwords of the database. Affected Software/OS: Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 Solution: Apply the patch from Oracle or upgrade to version 12 or higher. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3153 BugTraq ID: 55961 http://www.securityfocus.com/bid/55961 http://www.exploit-db.com/exploits/31253 http://seclists.org/fulldisclosure/2014/Jan/186 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/ http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/ XForce ISS Database: fusionmiddleware-reports-cve20123153(79296) https://exchange.xforce.ibmcloud.com/vulnerabilities/79296
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.