First published: Wed Aug 04 2004(Updated: )
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Application Server | ||
Oracle Application Server | =9.0.2 | |
Oracle Application Server | =9.0.2.0.0 | |
Oracle Application Server | =9.0.2.0.1 | |
Oracle Application Server | =9.0.2.1 | |
Oracle Application Server | =9.0.2.2 | |
Oracle Application Server | =9.0.2.3 | |
Oracle Application Server | =9.0.3 | |
Oracle Application Server | =9.0.3.1 | |
Oracle Application Server | =9.0.4 | |
Oracle Application Server | =9.0.4.0 | |
Oracle Application Server | =9.0.4.1 | |
Oracle Collaboration Suite | =release_1 | |
Oracle E-Business Suite | =11.5.1 | |
Oracle E-Business Suite | =11.5.2 | |
Oracle E-Business Suite | =11.5.3 | |
Oracle E-Business Suite | =11.5.4 | |
Oracle E-Business Suite | =11.5.5 | |
Oracle E-Business Suite | =11.5.6 | |
Oracle E-Business Suite | =11.5.7 | |
Oracle E-Business Suite | =11.5.8 | |
Oracle E-Business Suite | =11.5.9 | |
Oracle Enterprise Manager | =9 | |
Oracle Enterprise Manager | =9.0.1 | |
Oracle Enterprise Manager Database Control | =10.1.2 | |
Oracle Enterprise Manager Grid Control | =10.1.0.2 | |
Oracle Oracle10g | =enterprise_9.0.4_.0 | |
Oracle Oracle10g | =enterprise_10.1.0.2 | |
Oracle Oracle10g | =personal_9.0.4_.0 | |
Oracle Oracle10g | =personal_10.1_.0.2 | |
Oracle Oracle10g | =standard_9.0.4_.0 | |
Oracle Oracle10g | =standard_10.1_.0.2 | |
Oracle Oracle8i | =enterprise_8.0.5_.0.0 | |
Oracle Oracle8i | =enterprise_8.0.6_.0.0 | |
Oracle Oracle8i | =enterprise_8.0.6_.0.1 | |
Oracle Oracle8i | =enterprise_8.1.5_.0.0 | |
Oracle Oracle8i | =enterprise_8.1.5_.0.2 | |
Oracle Oracle8i | =enterprise_8.1.5_.1.0 | |
Oracle Oracle8i | =enterprise_8.1.6_.0.0 | |
Oracle Oracle8i | =enterprise_8.1.6_.1.0 | |
Oracle Oracle8i | =enterprise_8.1.7_.0.0 | |
Oracle Oracle8i | =enterprise_8.1.7_.1.0 | |
Oracle Oracle8i | =enterprise_8.1.7_.4 | |
Oracle Oracle8i | =standard_8.0.6 | |
Oracle Oracle8i | =standard_8.0.6_.3 | |
Oracle Oracle8i | =standard_8.1.5 | |
Oracle Oracle8i | =standard_8.1.6 | |
Oracle Oracle8i | =standard_8.1.7 | |
Oracle Oracle8i | =standard_8.1.7_.0.0 | |
Oracle Oracle8i | =standard_8.1.7_.1 | |
Oracle Oracle8i | =standard_8.1.7_.4 | |
Oracle Oracle9i | =client_9.2.0.1 | |
Oracle Oracle9i | =client_9.2.0.2 | |
Oracle Oracle9i | =enterprise_8.1.7 | |
Oracle Oracle9i | =enterprise_9.0.1 | |
Oracle Oracle9i | =enterprise_9.0.1.4 | |
Oracle Oracle9i | =enterprise_9.0.1.5 | |
Oracle Oracle9i | =enterprise_9.2.0 | |
Oracle Oracle9i | =enterprise_9.2.0.1 | |
Oracle Oracle9i | =enterprise_9.2.0.2 | |
Oracle Oracle9i | =enterprise_9.2.0.3 | |
Oracle Oracle9i | =enterprise_9.2.0.4 | |
Oracle Oracle9i | =enterprise_9.2.0.5 | |
Oracle Oracle9i | =personal_8.1.7 | |
Oracle Oracle9i | =personal_9.0.1 | |
Oracle Oracle9i | =personal_9.0.1.4 | |
Oracle Oracle9i | =personal_9.0.1.5 | |
Oracle Oracle9i | =personal_9.2 | |
Oracle Oracle9i | =personal_9.2.0.1 | |
Oracle Oracle9i | =personal_9.2.0.2 | |
Oracle Oracle9i | =personal_9.2.0.3 | |
Oracle Oracle9i | =personal_9.2.0.4 | |
Oracle Oracle9i | =personal_9.2.0.5 | |
Oracle Oracle9i | =standard_8.1.7 | |
Oracle Oracle9i | =standard_9.0 | |
Oracle Oracle9i | =standard_9.0.1 | |
Oracle Oracle9i | =standard_9.0.1.2 | |
Oracle Oracle9i | =standard_9.0.1.3 | |
Oracle Oracle9i | =standard_9.0.1.4 | |
Oracle Oracle9i | =standard_9.0.1.5 | |
Oracle Oracle9i | =standard_9.0.2 | |
Oracle Oracle9i | =standard_9.2 | |
Oracle Oracle9i | =standard_9.2.0.1 | |
Oracle Oracle9i | =standard_9.2.0.2 | |
Oracle Oracle9i | =standard_9.2.0.3 | |
Oracle Oracle9i | =standard_9.2.0.4 | |
Oracle Oracle9i | =standard_9.2.0.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.