Vulnerability-Lookup

CVE-2012-3132 (GCVE-0-2012-3132)

Vulnerability from cvelistv5 – Published: 2012-08-10 23:00 – Updated: 2024-08-06 19:57

Summary

SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.

Severity

No CVSS data available.

CWE

Assigner

oracle

References

8 references

URL	Tags
http://www.darkreading.com/database-security/1679…	x_refsource_MISC
http://www.securitytracker.com/id?1027367	vdb-entryx_refsource_SECTRACK
http://www.networkworld.com/news/2012/072712-blac…	x_refsource_MISC
http://www.teamshatter.com/topics/general/team-sh…	x_refsource_MISC
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
https://blogs.oracle.com/security/entry/security_…	x_refsource_MISC

Date Public

2012-07-26 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:57:49.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html"
          },
          {
            "name": "1027367",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027367"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
          },
          {
            "name": "MDVSA-2013:150",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-18T09:00:00.000Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html"
        },
        {
          "name": "1027367",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027367"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
        },
        {
          "name": "MDVSA-2013:150",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2012-3132",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html",
              "refsource": "MISC",
              "url": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html"
            },
            {
              "name": "1027367",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027367"
            },
            {
              "name": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html",
              "refsource": "MISC",
              "url": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html"
            },
            {
              "name": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/",
              "refsource": "MISC",
              "url": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
            },
            {
              "name": "MDVSA-2013:150",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
            },
            {
              "name": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132",
              "refsource": "MISC",
              "url": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2012-3132",
    "datePublished": "2012-08-10T23:00:00.000Z",
    "dateReserved": "2012-06-06T00:00:00.000Z",
    "dateUpdated": "2024-08-06T19:57:49.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2012-3132",
      "date": "2026-05-28",
      "epss": "0.00793",
      "percentile": "0.74206"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED41086B-840A-4B39-B249-461A4B00B57B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4AC251D-9313-4A54-9623-51DC0AEC46FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:10.2.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9ACC1D6F-2EDD-4DAA-B9CE-CF516C2B35C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDEDE937-C3D7-421C-9F70-F546AB823E1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:11.2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D7157D8-4959-4F6C-BFA0-D80862393AA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"165A1F85-076B-4216-8EF8-D67E6EC63A6B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n SQL en Oracle Database Server v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.2, y v11.2.0.3, permite a atacantes remotos ejecutar comandos SQL de su elecci\\u00f3n mediante vectores que comprenden CREATE INDEX con un CTXSYS.CONTEXT INDEXTYPE y DBMS_STATS.GATHER_TABLE_STATS.\"}]",
      "id": "CVE-2012-3132",
      "lastModified": "2024-11-21T01:40:16.053",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-08-10T23:55:00.827",
      "references": "[{\"url\": \"http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.securitytracker.com/id?1027367\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1027367\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-3132\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2012-08-10T23:55:00.827\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en Oracle Database Server v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.2, y v11.2.0.3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores que comprenden CREATE INDEX con un CTXSYS.CONTEXT INDEXTYPE y DBMS_STATS.GATHER_TABLE_STATS.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED41086B-840A-4B39-B249-461A4B00B57B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4AC251D-9313-4A54-9623-51DC0AEC46FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:10.2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9ACC1D6F-2EDD-4DAA-B9CE-CF516C2B35C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDEDE937-C3D7-421C-9F70-F546AB823E1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:11.2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D7157D8-4959-4F6C-BFA0-D80862393AA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"165A1F85-076B-4216-8EF8-D67E6EC63A6B\"}]}]}],\"references\":[{\"url\":\"http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.securitytracker.com/id?1027367\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1027367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTA-2012-AVI-429

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Oracle Database Server. L'exploitation de cette vulnérabilité permet à un utilisateur malintentionné d'effectuer une élévation de privilèges et ainsi d'obtenir les droits du compte SYS.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). Les versions 11.2.0.2 et 11.2.0.3 ne sont pas vulnérables si le correctif critique de juillet 2012 a déjà été appliqué.

Oracle Database Server versions 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 et 11.2.0.3.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Alerte de sécurité Oracle du 10 août 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eOracle Database Server versions  10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 et 11.2.0.3.\u003c/p\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). Les versions 11.2.0.2 et\n11.2.0.3 ne sont pas vuln\u00e9rables si le correctif critique de juillet\n2012 a d\u00e9j\u00e0 \u00e9t\u00e9 appliqu\u00e9.\n",
  "cves": [
    {
      "name": "CVE-2012-3132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3132"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-429",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Oracle Database Server.\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur\nmalintentionn\u00e9 d\u0027effectuer une \u00e9l\u00e9vation de privil\u00e8ges et ainsi\nd\u0027obtenir les droits du compte \u003cspan class=\"textit\"\u003eSYS\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 Oracle du 10 ao\u00fbt 2012",
      "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html"
    }
  ]
}

CERTA-2012-AVI-577

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Oracle Database Server. L'une d'entre elle permet à un attaquant de récupérer la clef de session et le sel d'un utilisateur. Cela donne des informations sur le hash et rend donc plus facile l'attaque par force brute pour déterminer le mot de passe.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Database Server	Oracle Core RDBMS 11.2.0.3
Oracle	Database Server	Oracle Core RDBMS 11.2.0.2
Oracle	Database Server	Oracle Core RDBMS 10.2.0.4
Oracle	Database Server	Oracle Core RDBMS 10.2.0.5
Oracle	Database Server	Oracle Core RDBMS 11.1.0.7
Oracle	Database Server	Oracle Core RDBMS 10.2.0.3

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuoct2012-1515893 du 16 Octobre 2012	None	vendor-advisory
Bulletin de sécurité Oracle cpuoct2012-1515893 du 16 octobre 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Core RDBMS 11.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Core RDBMS 11.2.0.2",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Core RDBMS 10.2.0.4",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Core RDBMS 10.2.0.5",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Core RDBMS 11.1.0.7",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Core RDBMS 10.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-3132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3132"
    },
    {
      "name": "CVE-2012-3137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3137"
    },
    {
      "name": "CVE-2012-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1751"
    },
    {
      "name": "CVE-2012-3146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3146"
    },
    {
      "name": "CVE-2012-3151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3151"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2012-1515893 du 16    octobre 2012 :",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
    }
  ],
  "reference": "CERTA-2012-AVI-577",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Database Server\u003c/span\u003e. L\u0027une d\u0027entre elle permet\n\u00e0 un attaquant de r\u00e9cup\u00e9rer la clef de session et le sel d\u0027un\nutilisateur. Cela donne des informations sur le hash et rend donc plus\nfacile l\u0027attaque par force brute pour d\u00e9terminer le mot de passe.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2012-1515893 du 16 Octobre 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-429

Vulnerability from certfr_avis - Published: - Updated:

Solution

Oracle Database Server versions 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 et 11.2.0.3.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Alerte de sécurité Oracle du 10 août 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eOracle Database Server versions  10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 et 11.2.0.3.\u003c/p\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). Les versions 11.2.0.2 et\n11.2.0.3 ne sont pas vuln\u00e9rables si le correctif critique de juillet\n2012 a d\u00e9j\u00e0 \u00e9t\u00e9 appliqu\u00e9.\n",
  "cves": [
    {
      "name": "CVE-2012-3132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3132"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-429",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Oracle Database Server.\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur\nmalintentionn\u00e9 d\u0027effectuer une \u00e9l\u00e9vation de privil\u00e8ges et ainsi\nd\u0027obtenir les droits du compte \u003cspan class=\"textit\"\u003eSYS\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 Oracle du 10 ao\u00fbt 2012",
      "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html"
    }
  ]
}

CERTA-2012-AVI-577

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Database Server	Oracle Core RDBMS 11.2.0.3
Oracle	Database Server	Oracle Core RDBMS 11.2.0.2
Oracle	Database Server	Oracle Core RDBMS 10.2.0.4
Oracle	Database Server	Oracle Core RDBMS 10.2.0.5
Oracle	Database Server	Oracle Core RDBMS 11.1.0.7
Oracle	Database Server	Oracle Core RDBMS 10.2.0.3

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuoct2012-1515893 du 16 Octobre 2012	None	vendor-advisory
Bulletin de sécurité Oracle cpuoct2012-1515893 du 16 octobre 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Core RDBMS 11.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Core RDBMS 11.2.0.2",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Core RDBMS 10.2.0.4",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Core RDBMS 10.2.0.5",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Core RDBMS 11.1.0.7",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Core RDBMS 10.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-3132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3132"
    },
    {
      "name": "CVE-2012-3137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3137"
    },
    {
      "name": "CVE-2012-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1751"
    },
    {
      "name": "CVE-2012-3146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3146"
    },
    {
      "name": "CVE-2012-3151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3151"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2012-1515893 du 16    octobre 2012 :",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
    }
  ],
  "reference": "CERTA-2012-AVI-577",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Database Server\u003c/span\u003e. L\u0027une d\u0027entre elle permet\n\u00e0 un attaquant de r\u00e9cup\u00e9rer la clef de session et le sel d\u0027un\nutilisateur. Cela donne des informations sur le hash et rend donc plus\nfacile l\u0027attaque par force brute pour d\u00e9terminer le mot de passe.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2012-1515893 du 16 Octobre 2012",
      "url": null
    }
  ]
}

FKIE_CVE-2012-3132

Vulnerability from fkie_nvd - Published: 2012-08-10 23:55 - Updated: 2026-04-29 01:13

Severity

Summary

References

URL	Tags
secalert_us@oracle.com	http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html
secalert_us@oracle.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
secalert_us@oracle.com	http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html
secalert_us@oracle.com	http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html	Vendor Advisory
secalert_us@oracle.com	http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
secalert_us@oracle.com	http://www.securitytracker.com/id?1027367
secalert_us@oracle.com	http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/
secalert_us@oracle.com	https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
af854a3a-2127-422b-91ae-364da2661108	http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027367
af854a3a-2127-422b-91ae-364da2661108	http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/
af854a3a-2127-422b-91ae-364da2661108	https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	database_server	10.2.0.3
oracle	database_server	10.2.0.4
oracle	database_server	10.2.0.5
oracle	database_server	11.1.0.7
oracle	database_server	11.2.0.2
oracle	database_server	11.2.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED41086B-840A-4B39-B249-461A4B00B57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4AC251D-9313-4A54-9623-51DC0AEC46FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:10.2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ACC1D6F-2EDD-4DAA-B9CE-CF516C2B35C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDEDE937-C3D7-421C-9F70-F546AB823E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:11.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7157D8-4959-4F6C-BFA0-D80862393AA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "165A1F85-076B-4216-8EF8-D67E6EC63A6B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en Oracle Database Server v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.2, y v11.2.0.3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores que comprenden CREATE INDEX con un CTXSYS.CONTEXT INDEXTYPE y DBMS_STATS.GATHER_TABLE_STATS."
    }
  ],
  "id": "CVE-2012-3132",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-10T23:55:00.827",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securitytracker.com/id?1027367"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-79XF-RM57-V3F2

Vulnerability from github – Published: 2022-05-17 05:02 – Updated: 2025-04-11 04:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-3132"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-08-10T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.",
  "id": "GHSA-79xf-rm57-v3f2",
  "modified": "2025-04-11T04:00:23Z",
  "published": "2022-05-17T05:02:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3132"
    },
    {
      "type": "WEB",
      "url": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132"
    },
    {
      "type": "WEB",
      "url": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "type": "WEB",
      "url": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1027367"
    },
    {
      "type": "WEB",
      "url": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2012-3132

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-3132

Aliases

CVE-2012-3132

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-3132",
    "description": "SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.",
    "id": "GSD-2012-3132",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-3132.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-3132"
      ],
      "details": "SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.",
      "id": "GSD-2012-3132",
      "modified": "2023-12-13T01:20:21.169667Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2012-3132",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html",
            "refsource": "MISC",
            "url": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html"
          },
          {
            "name": "1027367",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1027367"
          },
          {
            "name": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html",
            "refsource": "MISC",
            "url": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html"
          },
          {
            "name": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/",
            "refsource": "MISC",
            "url": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
          },
          {
            "name": "MDVSA-2013:150",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
          },
          {
            "name": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132",
            "refsource": "MISC",
            "url": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:11.2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:10.2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2012-3132"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html"
            },
            {
              "name": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html"
            },
            {
              "name": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html"
            },
            {
              "name": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
            },
            {
              "name": "1027367",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1027367"
            },
            {
              "name": "MDVSA-2013:150",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-10-11T03:44Z",
      "publishedDate": "2012-08-10T23:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-3132 (GCVE-0-2012-3132)

CERTA-2012-AVI-429

Solution

CERTA-2012-AVI-577

Solution

CERTA-2012-AVI-429

Solution

CERTA-2012-AVI-577

Solution

FKIE_CVE-2012-3132

GHSA-79XF-RM57-V3F2

GSD-2012-3132

Tags

Sightings

Nomenclature