mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-28 09:12:00 +00:00
107 lines
4.0 KiB
JSON
107 lines
4.0 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "secalert_us@oracle.com",
|
|
"ID": "CVE-2012-1675",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka \"TNS Poison.\""
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "SUSE-SU-2012:0765",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00018.html"
|
|
},
|
|
{
|
|
"name": "53308",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/53308"
|
|
},
|
|
{
|
|
"name": "1027000",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id?1027000"
|
|
},
|
|
{
|
|
"name": "20120428 Oracle TNS Poison vulnerability is actually a 0day with no patch available",
|
|
"refsource": "FULLDISC",
|
|
"url": "http://seclists.org/fulldisclosure/2012/Apr/343"
|
|
},
|
|
{
|
|
"name": "https://blogs.oracle.com/security/entry/security_alert_for_cve_2012",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://blogs.oracle.com/security/entry/security_alert_for_cve_2012"
|
|
},
|
|
{
|
|
"name": "VU#359816",
|
|
"refsource": "CERT-VN",
|
|
"url": "http://www.kb.cert.org/vuls/id/359816"
|
|
},
|
|
{
|
|
"name": "20120418 The history of a -probably- 13 years old Oracle bug: TNS Poison",
|
|
"refsource": "FULLDISC",
|
|
"url": "http://seclists.org/fulldisclosure/2012/Apr/204"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html"
|
|
},
|
|
{
|
|
"name": "MDVSA-2013:150",
|
|
"refsource": "MANDRIVA",
|
|
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
|
|
},
|
|
{
|
|
"name": "oracledatabase-tnslistener-spoofing(75303)",
|
|
"refsource": "XF",
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75303"
|
|
}
|
|
]
|
|
}
|
|
} |