Description

The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."

Remediation

References

CVE-2012-1675

Related Vulnerabilities

WordPress Plugin Sell Downloads Cross-Site Scripting (1.0.86)

WordPress Plugin WP Super Cache Cross-Site Scripting (1.3)

WordPress Plugin MailPoet Newsletters (Previous) Cross-Site Scripting (2.6.11)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.67)

WordPress Plugin WP Customer Reviews Cross-Site Scripting (3.4.2)

Severity

High

Classification

CVE-2012-1675 CWE-264

Tags

Missing Update Known Vulnerabilities