Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2004-1362

Published: 04/08/2004 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Oracle

Vulnerability Summary

The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote malicious users to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.

Vulnerable Product Search on Vulmon Subscribe to Product

oracle application server

oracle application server 9.0.2

oracle application server 9.0.3.1

oracle application server 9.0.4

oracle e-business suite 11.5.4

oracle e-business suite 11.5.5

oracle enterprise manager grid control 10.1.0.2

oracle oracle10g enterprise_10.1.0.2

oracle oracle8i enterprise_8.0.6_.0.0

oracle oracle8i enterprise_8.0.6_.0.1

oracle oracle8i enterprise_8.1.7_.1.0

oracle oracle8i enterprise_8.1.7_.4

oracle oracle8i standard_8.0.6

oracle application server 9.0.2.1

oracle application server 9.0.2.2

oracle collaboration suite release_1

oracle e-business suite 11.5.1

oracle e-business suite 11.5.9

oracle enterprise manager 9

oracle oracle10g personal_9.0.4_.0

oracle oracle10g standard_10.1_.0.2

oracle oracle8i enterprise_8.1.5_.1.0

oracle oracle8i enterprise_8.1.6_.0.0

oracle oracle8i standard_8.1.6

oracle oracle8i standard_8.1.7

oracle oracle9i enterprise_9.0.1

oracle oracle9i enterprise_9.0.1.4

oracle oracle9i enterprise_9.2.0.5

oracle oracle9i personal_8.1.7

oracle oracle9i personal_9.2.0.4

oracle oracle9i personal_9.2.0.5

oracle oracle9i standard_9.0.1.5

oracle oracle9i standard_9.0.2

oracle oracle8i standard_8.1.7_.4

oracle oracle9i client_9.2.0.1

oracle oracle9i enterprise_9.2.0.1

oracle oracle9i enterprise_9.2.0.2

oracle oracle9i personal_9.0.1.5

oracle oracle9i personal_9.2

oracle oracle9i personal_9.2.0.1

oracle oracle9i standard_9.0.1

oracle oracle9i standard_9.0.1.2

oracle oracle9i standard_9.2.0.2

oracle oracle9i standard_9.2.0.3

oracle application server 9.0.2.0.0

oracle application server 9.0.2.0.1

oracle application server 9.0.4.0

oracle application server 9.0.4.1

oracle e-business suite 11.5.6

oracle e-business suite 11.5.7

oracle e-business suite 11.5.8

oracle oracle10g enterprise_9.0.4_.0

oracle oracle10g personal_10.1_.0.2

oracle oracle8i enterprise_8.1.5_.0.0

oracle oracle8i enterprise_8.1.5_.0.2

oracle oracle8i standard_8.0.6_.3

oracle oracle8i standard_8.1.5

oracle oracle9i client_9.2.0.2

oracle oracle9i enterprise_8.1.7

oracle oracle9i enterprise_9.2.0.3

oracle oracle9i enterprise_9.2.0.4

oracle oracle9i personal_9.2.0.2

oracle oracle9i personal_9.2.0.3

oracle oracle9i standard_9.0.1.3

oracle oracle9i standard_9.0.1.4

oracle oracle9i standard_9.2.0.4

oracle oracle9i standard_9.2.0.5

oracle application server 9.0.2.3

oracle application server 9.0.3

oracle e-business suite 11.5.2

oracle e-business suite 11.5.3

oracle enterprise manager 9.0.1

oracle enterprise manager database control 10.1.2

oracle oracle10g standard_9.0.4_.0

oracle oracle8i enterprise_8.0.5_.0.0

oracle oracle8i enterprise_8.1.6_.1.0

oracle oracle8i enterprise_8.1.7_.0.0

oracle oracle8i standard_8.1.7_.0.0

oracle oracle8i standard_8.1.7_.1

oracle oracle9i enterprise_9.0.1.5

oracle oracle9i enterprise_9.2.0

oracle oracle9i personal_9.0.1

oracle oracle9i personal_9.0.1.4

oracle oracle9i standard_8.1.7

oracle oracle9i standard_9.0

oracle oracle9i standard_9.2

oracle oracle9i standard_9.2.0.1

References

NVD-CWE-Otherhttp://www.ngssoftware.com/advisories/oracle23122004G.txthttp://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdfhttp://www.us-cert.gov/cas/techalerts/TA04-245A.htmlhttp://www.securityfocus.com/bid/10871http://www.kb.cert.org/vuls/id/435974http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1http://marc.info/?l=bugtraq&m=110382306006205&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/18657https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook