CVE-2004-1362

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Oracle8i; Oracle9i; Collaboration Suite
Vendor: CVE Published:; 4 August 2004

Summary

The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/18657

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/435974

third-party-advisoryx_refsource_CERT-VN

http://www.us-cert.gov/cas/techalerts/TA04-245A.html

third-party-advisoryx_refsource_CERT

Timeline

Vulnerability Reserved
Jan 7, 2005
Vulnerability published
Aug 4, 2004