Improper Character Conversion in Oracle HTTP Server Affects Oracle Application Server 10g
CVE-2004-1362

Currently unrated

Key Information:

Vendor: Oracle

CVE Published: 4 August 2004

What is CVE-2004-1362?

The PL/SQL module of the Oracle HTTP Server in Oracle Application Server 10g is affected by an improper character conversion vulnerability. When the WE8ISO8859P1 character set is in use, the module does not properly convert encoded URLs: %FF encoded sequences are incorrectly transformed into 'Y' characters. Attackers can use this to bypass access restrictions on specific procedures, which may permit unauthorized access, so affected installations should be addressed promptly.
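A log-review check for the %FF pattern described above, as an added example that is not part of the original advisory or Oracle's code. The deny-list prefix `PAYROLL.`, the `/pls/app/` paths and the sample request lines are constructed, and the model assumes the access check sees the raw 0xFF byte before the faulty conversion turns it into 'Y'.

```python
from urllib.parse import unquote_to_bytes

# Hypothetical restricted-procedure prefixes (assumption, not from the advisory).
DENY_PREFIXES = (b"PAYROLL.",)

# Constructed sample request lines, as they would appear in an access log.
SAMPLE_LOG = [
    "GET /pls/app/HOME.SHOW HTTP/1.1",
    "GET /pls/app/PAYROLL.EXPORT HTTP/1.1",
    "GET /pls/app/PA%FFROLL.EXPORT HTTP/1.1",
    "GET /pls/app/pa%ffroll.export?id=1 HTTP/1.1",
    "GET /pls/app/caf%FF.show HTTP/1.1",
]

def denied(name: bytes) -> bool:
    """Case-insensitive prefix match; bytes.upper() only touches ASCII."""
    return name.upper().startswith(DENY_PREFIXES)

def classify(request_line: str) -> str:
    """Return 'ok', 'blocked', 'suspicious' or 'bypass' for one request line."""
    parts = request_line.split()
    if len(parts) < 2:
        return "ok"
    path = parts[1].split("?", 1)[0]
    # Decode the last path segment to raw bytes, keeping 0xFF visible.
    raw = unquote_to_bytes(path.rsplit("/", 1)[-1])
    if denied(raw):
        return "blocked"          # the filter would already reject this name
    if b"\xff" not in raw:
        return "ok"
    # Model the faulty conversion from the advisory: 0xFF becomes 'Y'.
    converted = raw.replace(b"\xff", b"Y")
    # 'bypass': name passes the filter raw but is restricted once converted.
    return "bypass" if denied(converted) else "suspicious"

def scan(lines):
    """Return (line, verdict) pairs for requests that need review."""
    results = [(line, classify(line)) for line in lines]
    return [(l, v) for l, v in results if v in ("bypass", "suspicious")]

if __name__ == "__main__":
    for line, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:10} {line}")
```

Requests marked `suspicious` contain a 0xFF byte without matching the assumed deny list after conversion; they are still worth reviewing on a server using WE8ISO8859P1.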

EPSS Score

9% chance of being exploited in the next 30 days.
