CVE-2012-3153

EPSS 91.20% · P100 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2012-3153

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Oracle Fusion Middleware Oracle Reports Developer组件未明安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Oracle Fusion Middleware（Oracle融合中间件）是美国甲骨文（Oracle）公司的一套面向企业和云环境的业务创新平台。该平台提供了中间件、软件集合等功能。 Oracle Fusion Middleware 11.1.1.4、11.1.1.6、11.1.2.0版本中的Oracle Reports Developer组件中存在未明漏洞。远程攻击者可利用该漏洞通过与Servlet有关的未知向量，影响保密性和完整性。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2012-3153

#	POC Description	Source Link	Shenlong Link
1	Automated exploit for CVE-2012-3153 / CVE-2012-3152	https://github.com/Mekanismen/pwnacle-fusion	POC Details
2	An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2012/CVE-2012-3153.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2012-3153

Please Login to view more intelligence information

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.htmlx_refsource_CONFIRM
🔗 http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/x_refsource_MISC
http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/x_refsource_MISC
http://www.exploit-db.com/exploits/31253exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/55961vdb-entryx_refsource_BID
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150vendor-advisoryx_refsource_MANDRIVA
https://exchange.xforce.ibmcloud.com/vulnerabilities/79296vdb-entryx_refsource_XF
🔗 http://seclists.org/fulldisclosure/2014/Jan/186mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2012-3153

Same Patch Batch · n/a · 2012-10-16 · 67 CVEs total

CVE-2012-5067		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-5086		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-5085		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-5084		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-5073		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-5072		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-5071		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-5070		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-5069		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-5068		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-5074		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-4416		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-3216		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-3159		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-3143		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-1533		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-1532		Oracle Java SE JRE组件未明安全漏洞
CVE-2012-1531		Oracle Java SE JRE组件未明漏洞
CVE-2012-3162		Oracle E-Business Suite Oracle Applications Framework组件未明安全漏洞
CVE-2012-3161		Oracle Supply Chain Products Suite Oracle Agile PLM Framework组件未明安全漏洞

Showing top 20 of 67 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2012-3153

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2012-3153

I. Basic Information for CVE-2012-3153

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2012-3153

III. Intelligence Information for CVE-2012-3153

Same Patch Batch · n/a · 2012-10-16 · 67 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2012-3153

Leave a comment