Improper Character Conversion in Oracle HTTP Server Affects Oracle Application Server 10g
CVE-2004-1362

Currently unrated

Key Information:

Vendor
Oracle
CVE Published:
4 August 2004

Summary

The PL/SQL module within the Oracle HTTP Server for Oracle Application Server 10g is susceptible to an improper character conversion vulnerability. The flaw arises when the WE8ISO8859P1 character set is in use: the module does not properly convert encoded URLs. Attackers can bypass access restrictions on specific procedures by sending %FF encoded sequences, which are incorrectly transformed into 'Y' characters. This may permit unauthorized access to the restricted procedures and calls for prompt mitigation.
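The check-order problem described in the summary, as an added example that is not Oracle's code: a restriction test run on the name before conversion, next to one run on the converted name, plus a detector for requests where the two disagree. The deny-list entry, function names and sample requests are hypothetical, and `backend_convert` is a simplified model that assumes only the 0xFF to 'Y' behaviour stated above.

```python
from urllib.parse import unquote_to_bytes

# Hypothetical restricted procedure prefix (constructed for this example).
DENIED_PREFIXES = ("MY_ADMIN.",)


def decode_raw(path_item):
    """Percent-decode the requested name as ISO 8859-1 (one byte per character)."""
    return unquote_to_bytes(path_item).decode("latin-1")


def backend_convert(name):
    """Simplified model of the conversion in the summary: 0xFF ends up as 'Y'."""
    return name.replace("\xff", "Y").upper()


def weak_is_allowed(path_item):
    """Flawed order: the restriction test sees the name before conversion."""
    return not decode_raw(path_item).upper().startswith(DENIED_PREFIXES)


def hardened_is_allowed(path_item):
    """Test the name in the form that will actually be resolved."""
    return not backend_convert(decode_raw(path_item)).startswith(DENIED_PREFIXES)


def flag_mismatches(requests):
    """Detection: names the weak test passes but that convert to a denied name."""
    return [r for r in requests
            if weak_is_allowed(r) and not hardened_is_allowed(r)]


# Constructed sample requests (procedure part of the URL only).
SAMPLE_REQUESTS = [
    "my_admin.reset",      # denied by both checks
    "m%FF_admin.reset",    # passes the weak check, denied after conversion
    "m%ff_admin.reset",    # same, lower-case hex digits
    "public_pkg.show",     # allowed by both checks
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req:20} weak={weak_is_allowed(req)} "
              f"hardened={hardened_is_allowed(req)}")
    print("flagged:", flag_mismatches(SAMPLE_REQUESTS))
```

The same mismatch test can be run over access logs to find requests that would have passed a pre-conversion filter.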
