CVE

Id
9790  
CVE No.
CVE-2004-1362  
Status
Candidate  
Description
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.  
Phase
Assigned (20050107)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
66648 9790 CVE-2004-1362 BUGTRAQ:20041223 Oracle Character Conversion Bugs (#NISR2122004G)  View
66649 9790 CVE-2004-1362 URL:http://marc.info/?l=bugtraq&m=110382306006205&w=2  View
66650 9790 CVE-2004-1362 MISC:http://www.ngssoftware.com/advisories/oracle23122004G.txt  View
66651 9790 CVE-2004-1362 CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf  View
66652 9790 CVE-2004-1362 SUNALERT:101782  View
66653 9790 CVE-2004-1362 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1  View
66654 9790 CVE-2004-1362 CERT:TA04-245A  View
66655 9790 CVE-2004-1362 URL:http://www.us-cert.gov/cas/techalerts/TA04-245A.html  View
66656 9790 CVE-2004-1362 CERT-VN:VU#435974  View
66657 9790 CVE-2004-1362 URL:http://www.kb.cert.org/vuls/id/435974  View
66658 9790 CVE-2004-1362 BID:10871  View
66659 9790 CVE-2004-1362 URL:http://www.securityfocus.com/bid/10871  View
66660 9790 CVE-2004-1362 XF:oracle-character-conversion-gain-privileges(18657)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63012 JVNDB-2004-000354 Oracle 製品の extproc におけるバッファオーバーフローの脆弱性 ------------ CVE-2004-1363 9790 5 http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000354.html  View