CVE-2012-1675

The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."

Published: May 9, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-1675
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
oracle / database_server	10.2.0.4	10.2.0.4.x
oracle / database_server	10.2.0.3	10.2.0.3.x
oracle / database_server	11.2.0.2	11.2.0.2.x
oracle / database_server	10.2.0.5	10.2.0.5.x
oracle / database_server	11.2.0.4	11.2.0.4.x
oracle / database_server	11.2.0.3	11.2.0.3.x
oracle / database_server	11.1.0.7	11.1.0.7.x

Vulnerability Database

289,599

CVE-2012-1675