Oracle Reports rwservlet vulnerabilities - Vulnerability Database


Description

Oracle Reports rwservlet contains multiple high-severity vulnerabilities that allow unauthenticated remote attackers to compromise the application server. These flaws enable attackers to extract database credentials, enumerate directory contents, access arbitrary files, inject malicious content into user sessions, and execute commands on the underlying system. The vulnerabilities stem from improper input validation and insufficient access controls in the rwservlet component.

Remediation

Apply Oracle's Critical Patch Updates that address CVE-2012-3152 and CVE-2012-3153 immediately. If the patches cannot be applied right away, implement the following compensating controls:

1. Restrict network access to the rwservlet endpoint using firewall rules or web application firewall (WAF) policies to allow only trusted IP addresses
2. Implement strong authentication requirements before allowing access to Oracle Reports functionality
3. Deploy the rwservlet component behind a reverse proxy that validates and sanitizes all input parameters
4. Monitor access logs for suspicious rwservlet requests, particularly those containing directory traversal sequences (../) or unusual parameter values
5. Consider disabling the rwservlet component entirely if it is not required for business operations
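Controls 1 and 4 above can be checked mechanically. The script below is an added example, not Invicti's or Oracle's code, that scans web-server access logs in Combined Log Format, keeps only requests whose path contains rwservlet, and flags three things: a source address outside an assumed trusted allowlist (198.51.100.0/24 here), a directory traversal sequence in the path or in any query parameter after percent-decoding (including double-encoded forms), and an unusually long parameter value (assumed threshold of 256 characters). The sample log lines, the report and parameter names in them, the IP addresses (documentation ranges) and the timestamps are all constructed for the example.

```python
"""Flag suspicious rwservlet requests in web-server access logs (added example)."""
import ipaddress
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed allowlist of networks permitted to reach rwservlet (control 1 above).
TRUSTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]
# Parameter values longer than this are treated as "unusual" (assumed threshold).
MAX_PARAM_LEN = 256

# Combined Log Format: ip ident user [timestamp] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# ".." bounded by a path separator of either flavour, e.g. "../" or "\..\".
TRAVERSAL_RE = re.compile(r'(?:^|[/\\])\.\.(?:[/\\]|$)')

# Constructed sample log lines: documentation-range IPs, illustrative report
# names and parameter values; nothing here is taken from a real incident.
SAMPLE_LOG = "\n".join([
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /reports/rwservlet?report=sales.rdf&destype=cache HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /reports/rwservlet?report=..%2F..%2F..%2Fconfig%2Fapp.xml HTTP/1.1" 200 812 "-" "curl/7.88"',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /reports/rwservlet?report=%252e%252e%252fsettings HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.88"',
    '198.51.100.7 - - [10/Oct/2023:13:56:30 +0000] "GET /reports/rwservlet?report=' + "A" * 600 + ' HTTP/1.1" 400 0 "-" "python-requests/2.31"',
])


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding so that double-encoded
    sequences such as %252e%252e%252f are normalised before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_trusted(ip: str) -> bool:
    """True when the source address falls inside the assumed allowlist."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def analyze_line(line: str):
    """Return a finding dict for an rwservlet request that looks suspicious,
    or None for non-rwservlet traffic and for clean rwservlet requests."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if "rwservlet" not in parts.path.lower():
        return None
    reasons = []
    if not is_trusted(m.group("ip")):
        reasons.append("source outside allowlist")
    if TRAVERSAL_RE.search(fully_decode(parts.path)):
        reasons.append("traversal in path")
    # parse_qsl strips one encoding layer; fully_decode handles any remaining ones.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if TRAVERSAL_RE.search(decoded):
            reasons.append(f"traversal in parameter {name!r}")
        elif len(decoded) > MAX_PARAM_LEN:
            reasons.append(f"oversized value in parameter {name!r} ({len(decoded)} chars)")
    if not reasons:
        return None
    return {"ip": m.group("ip"), "timestamp": m.group("ts"),
            "status": m.group("status"), "reasons": reasons}


def analyze_log(text: str) -> list:
    """Run analyze_line over every line and keep only the findings."""
    return [f for f in (analyze_line(line) for line in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in analyze_log(SAMPLE_LOG):
        print(f"{finding['ip']} {finding['timestamp']} {finding['status']}: "
              + "; ".join(finding["reasons"]))
```

Run as-is, the script reports three of the five constructed lines: the untrusted source with a traversal in its report parameter, the trusted source whose double-encoded value decodes to a traversal, and the request with an oversized parameter value; the clean request and the non-rwservlet request are ignored. Decoding before matching is the part that matters: a single-pass check on the raw query string would miss the %252e%252e%252f line entirely.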

Verify remediation by testing that unauthenticated access to rwservlet endpoints is blocked and that previously exploitable parameters no longer accept malicious input.
