Improper Character Conversion in Oracle HTTP Server Affects Oracle Application Server 10g
CVE-2004-1362
Currently unrated
Key Information:
- Vendor: Oracle
- CVE Published: 4 August 2004
Summary
The PL/SQL module within the Oracle HTTP Server for Oracle Application Server 10g is susceptible to an improper character conversion vulnerability. The flaw arises when the WE8ISO8859P1 character set is in use: encoded URLs are not converted properly. Attackers can bypass access restrictions on specific procedures by sending %FF encoded sequences, which are incorrectly transformed into 'Y' characters. This may permit unauthorized access and calls for prompt attention to mitigate the risk.
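A log check for the pattern described above, added here as an example and not taken from Oracle or the CVE record: it flags PL/SQL gateway requests whose path carries a %FF sequence and shows the name as it reads after the faulty 'Y' conversion. The `/pls/` mount point, the access-log format, and the sample lines and procedure names are constructed assumptions.

```python
import re

# Assumption: the PL/SQL gateway is mounted under /pls/<DAD>/; adjust to the local mount point.
GATEWAY_PREFIX = "/pls/"
# Assumption: common/combined access-log format ("METHOD target HTTP/x.y" status).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
FF_RE = re.compile(r"%ff", re.IGNORECASE)

# Constructed sample lines (hypothetical DAD and procedure names).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Aug/2004:10:00:01 +0000] "GET /pls/portal/home.show HTTP/1.1" 200 512',
    '192.0.2.11 - - [04/Aug/2004:10:00:02 +0000] "GET /pls/portal/pa%ffroll.report?id=7 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [04/Aug/2004:10:00:03 +0000] "GET /pls/portal/search.run?q=caf%FF HTTP/1.1" 200 300',
    '192.0.2.13 - - [04/Aug/2004:10:00:04 +0000] "GET /static/%FF.gif HTTP/1.1" 404 0',
    '192.0.2.14 - - [04/Aug/2004:10:00:05 +0000] "GET /PLS/portal/PA%FFROLL.REPORT HTTP/1.0" 403 0',
]

def folded_name(segment):
    """Render the segment as the page describes the faulty conversion: %FF becomes 'Y'."""
    return FF_RE.sub("Y", segment)

def find_suspect_requests(lines, prefix=GATEWAY_PREFIX):
    """Return one record per gateway request with %FF in a path segment."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # The procedure name lives in the path, so the query string is ignored.
        path = match.group(1).split("?", 1)[0]
        if not path.lower().startswith(prefix):
            continue
        for segment in path[len(prefix):].split("/"):
            if FF_RE.search(segment):
                hits.append({
                    "line": lineno,
                    "status": int(match.group(2)),
                    "raw": segment,
                    "folded": folded_name(segment),
                })
                break
    return hits

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

Comparing the `folded` value against the server's restricted procedure names, together with the response status, shows whether a flagged request reached something it should not have.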
Timeline
Vulnerability Reserved
Vulnerability published