Vulnerabilities > CVE-2012-0512 - SQL Injection vulnerability in Oracle Database Server 11.1.0.7/11.2.0.2

047910
CVSS 5.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
oracle
nessus
NVD
Published: 2012-05-03
Updated: 2013-10-11

Summary

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7 and 11.2.0.2 and Oracle Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management.

Vulnerable Configurations

Part Description Count
Application
Oracle
2

Nessus

NASL familyDatabases
NASL idORACLE_RDBMS_CPU_APR_2012.NASL
descriptionThe remote Oracle database server is missing the April 2012 Critical Patch Update (CPU) and is, therefore, potentially affected by security issues in the following components : - Core RDBMS - Oracle Spatial - OCI - Enterprise Manager Base Platform - Application Express
last seen2020-06-02
modified2012-04-19
plugin id58798
published2012-04-19
reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/58798
titleOracle Database Multiple Vulnerabilities (April 2012 CPU)
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
  script_id(58798);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");

  script_cve_id(
    "CVE-2012-0510",
    "CVE-2012-0511",
    "CVE-2012-0512",
    "CVE-2012-0519",
    "CVE-2012-0520",
    "CVE-2012-0525",
    "CVE-2012-0526",
    "CVE-2012-0527",
    "CVE-2012-0528",
    "CVE-2012-0534",
    "CVE-2012-0552",
    "CVE-2012-1708"
  );
  script_bugtraq_id(
    53063,
    53072,
    53076,
    53081,
    53084,
    53089,
    53090,
    53092,
    53093,
    53097,
    53101,
    53104
  );

  script_name(english:"Oracle Database Multiple Vulnerabilities (April 2012 CPU)");
  script_summary(english:"Checks installed patch info");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple
vulnerabilities.");

  script_set_attribute(attribute:"description", value:
"The remote Oracle database server is missing the April 2012 Critical
Patch Update (CPU) and is, therefore, potentially affected by security
issues in the following components :

  - Core RDBMS

  - Oracle Spatial

  - OCI

  - Enterprise Manager Base Platform

  - Application Express");

  # https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-sql-injection-in-oracle-enterprise-manager-searchpage-web-page/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b9e3b595");
  # https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-http-response-splitting-in-oem-prevpage/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a38b382b");
  # https://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83822adc");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2012 Oracle
Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/19");

  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

################################################################################
# APR2012
patches = make_nested_array();

# RDBMS 11.1.0.7
patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.11", "CPU", "13632731, 13621679");
patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.45", "CPU", "13715809");
patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.45", "CPU", "13715810");
# RDBMS 11.2.0.2
patches["11.2.0.2"]["db"]["nix"] = make_array("patch_level", "11.2.0.2.6", "CPU", "13632725, 13696224");
patches["11.2.0.2"]["db"]["win32"] = make_array("patch_level", "11.2.0.2.17", "CPU", "13697073");
patches["11.2.0.2"]["db"]["win64"] = make_array("patch_level", "11.2.0.2.17", "CPU", "13697074");
# RDBMS 11.2.0.3
patches["11.2.0.3"]["db"]["nix"] = make_array("patch_level", "11.2.0.3.2", "CPU", "13632717, 13696216");
patches["11.2.0.3"]["db"]["win32"] = make_array("patch_level", "11.2.0.3.5", "CPU", "13885388");
patches["11.2.0.3"]["db"]["win64"] = make_array("patch_level", "11.2.0.3.5", "CPU", "13885389");
# RDBMS 10.2.0.5
patches["10.2.0.5"]["db"]["nix"] = make_array("patch_level", "10.2.0.5.7", "CPU", "13632738, 13632743");
patches["10.2.0.5"]["db"]["win32"] = make_array("patch_level", "10.2.0.5.15", "CPU", "13654814");
patches["10.2.0.5"]["db"]["win64"] = make_array("patch_level", "10.2.0.5.15", "CPU", "13654815");
# RDBMS 10.2.0.4
patches["10.2.0.4"]["db"]["nix"] = make_array("patch_level", "10.2.0.4.12", "CPU", "12879926, 12879933");
patches["10.2.0.4"]["db"]["win32"] = make_array("patch_level", "10.2.0.4.49", "CPU", "13928775");
patches["10.2.0.4"]["db"]["win64"] = make_array("patch_level", "10.2.0.4.49", "CPU", "13928776");

check_oracle_database(patches:patches, high_risk:TRUE);

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/112002/shatter-oemsqlcwfc.txt
idPACKETSTORM:112002
last seen2016-12-05
published2012-04-19
reporterEsteban Martinez Fayo
sourcehttps://packetstormsecurity.com/files/112002/Oracle-Enterprise-Manager-compareWizFirstConfig-SQL-injection.html
titleOracle Enterprise Manager compareWizFirstConfig SQL injection

References