The 2012 Pwnie Nominee For Best Server-Side Bug

TNS Poison Attack (CVE-2012-1675)

Credit: Joxean Koret

Oracle TNS Listener vulnerabilities bring a tear to our eye. Joxean’s attack is basically the forbidden love child between DNS poisoning and those classic TNS Listener vulnerabilities, allowing you to MITM connections to the database from across the Internet.

(CVE-2012-1675)