CVE-2004-1362

Published: 04/08/2004 Updated: 11/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote malicious users to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle oracle10g standard 9.0.4 .0
oracle oracle8i standard 8.1.7 .4
oracle oracle9i standard 9.0.2
oracle oracle9i standard 9.0.1.4
oracle collaboration suite release 1
oracle application server 9.0.2.1
oracle oracle8i enterprise 8.1.6 .0.0
oracle oracle9i personal 8.1.7
oracle application server
oracle oracle9i client 9.2.0.2
oracle application server 9.0.2.0.0
oracle e-business suite 11.5.5
oracle oracle9i client 9.2.0.1
oracle enterprise manager 9.0.1
oracle oracle9i enterprise 9.2.0.5
oracle oracle9i personal 9.2.0.1
oracle oracle9i personal 9.2.0.2
oracle oracle9i personal 9.2.0.5
oracle oracle8i standard 8.0.6
oracle application server 9.0.4
oracle e-business suite 11.5.4
oracle oracle8i enterprise 8.1.5 .1.0
oracle oracle9i personal 9.0.1.5
oracle oracle10g personal 10.1 .0.2
oracle oracle8i standard 8.1.6
oracle oracle9i standard 9.0.1
oracle oracle9i standard 9.2.0.3
oracle oracle9i enterprise 9.2.0.2
oracle oracle9i enterprise 9.2.0.4
oracle oracle9i enterprise 9.0.1.5
oracle oracle9i personal 9.2
oracle oracle9i standard 9.0
oracle application server 9.0.2.3
oracle e-business suite 11.5.2
oracle application server 9.0.4.1
oracle e-business suite 11.5.7
oracle oracle9i standard 9.2.0.1
oracle application server 9.0.2.0.1
oracle oracle10g personal 9.0.4 .0
oracle oracle9i standard 9.2
oracle application server 9.0.4.0
oracle e-business suite 11.5.1
oracle oracle9i enterprise 9.0.1
oracle oracle9i standard 9.0.1.2
oracle oracle9i standard 9.2.0.4
oracle oracle9i enterprise 9.2.0
oracle enterprise manager 9
oracle oracle9i standard 9.2.0.5
oracle oracle8i standard 8.1.7 .1
oracle oracle8i enterprise 8.1.7 .1.0
oracle oracle8i enterprise 8.1.5 .0.2
oracle oracle8i enterprise 8.1.6 .1.0
oracle oracle9i standard 8.1.7
oracle oracle9i enterprise 8.1.7
oracle application server 9.0.2.2
oracle oracle10g standard 10.1 .0.2
oracle application server 9.0.2
oracle oracle9i personal 9.0.1
oracle oracle8i enterprise 8.1.7 .0.0
oracle e-business suite 11.5.8
oracle oracle8i standard 8.0.6 .3
oracle oracle9i standard 9.0.1.3
oracle application server 9.0.3
oracle oracle9i personal 9.2.0.4
oracle oracle8i standard 8.1.7 .0.0
oracle oracle9i standard 9.2.0.2
oracle oracle8i enterprise 8.1.7 .4
oracle application server 9.0.3.1
oracle oracle10g enterprise 10.1.0.2
oracle oracle9i enterprise 9.2.0.3
oracle enterprise manager grid control 10.1.0.2
oracle e-business suite 11.5.9
oracle enterprise manager database control 10.1.2
oracle oracle9i personal 9.0.1.4
oracle oracle10g enterprise 9.0.4 .0
oracle oracle9i personal 9.2.0.3
oracle oracle8i enterprise 8.0.6 .0.0
oracle e-business suite 11.5.6
oracle e-business suite 11.5.3
oracle oracle8i enterprise 8.1.5 .0.0
oracle oracle9i enterprise 9.2.0.1
oracle oracle8i standard 8.1.7
oracle oracle9i standard 9.0.1.5
oracle oracle8i enterprise 8.0.6 .0.1
oracle oracle8i enterprise 8.0.5 .0.0
oracle oracle8i standard 8.1.5
oracle oracle9i enterprise 9.0.1.4

NVD-CWE-Other http://www.ngssoftware.com/advisories/oracle23122004G.txt http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf http://www.us-cert.gov/cas/techalerts/TA04-245A.html http://www.securityfocus.com/bid/10871 http://www.kb.cert.org/vuls/id/435974 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://marc.info/?l=bugtraq&m=110382306006205&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18657 https://nvd.nist.gov

Get Started

CVE-2004-1362

Vulnerability Summary

References

Vulmon Search

About

Products

Connect