CVE-2012-1675
Description
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka TNS Poison.
Risk Information
Base Score
8.1
MODERATE
Vector
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
91.967
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Oracle 10.2.0.3 | Windows |
| Multiple Vulnerabilities are affected in Oracle 10.2.0.4 | Windows |
| Multiple Vulnerabilities are affected in Oracle 10.2.0.5 | Windows |
| Multiple Vulnerabilities are affected in Oracle 11.1.0.7 | Windows |
| Multiple Vulnerabilities are affected in Oracle 11.2.0.2 | Windows |
| Multiple Vulnerabilities are affected in Oracle 11.2.0.3 | Windows |
| Multiple Vulnerabilities are affected in Oracle 11.2.0.4 | Windows |
| Multiple Vulnerabilities are affected in Oracle Database Server 10.2.0.4 | Windows |
| Multiple Vulnerabilities are affected in Oracle Database Server 10.2.0.5 | Windows |
| Multiple Vulnerabilities are affected in Oracle Database Server 10.2.0.3 | Windows |
| Multiple Vulnerabilities are affected in Oracle Database Server 11.1.0.7 | Windows |
| Multiple Vulnerabilities are affected in Oracle Database Server 11.2.0.2 | Windows |
| Multiple Vulnerabilities are affected in Oracle Database Server 11.2.0.3 | Windows |
| Multiple Vulnerabilities are affected in Oracle Database Server 11.2.0.4 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234