NVD

Id
71741  
Name
CVE-2004-1362  
Description
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-07-18  
Published
2004-08-04  
Modified Date
2017-07-10  
Seq
2004-1362  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
370949 71741 CVE-2004-1362 20041223 Oracle Character Conversion Bugs (#NISR2122004G)  View
370950 71741 CVE-2004-1362 101782  View
370951 71741 CVE-2004-1362 VU#435974  View
370952 71741 CVE-2004-1362 http://www.ngssoftware.com/advisories/oracle23122004G.txt  View
370953 71741 CVE-2004-1362 http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf  View
370954 71741 CVE-2004-1362 10871  View
370955 71741 CVE-2004-1362 TA04-245A  View
370956 71741 CVE-2004-1362 oracle-character-conversion-gain-privileges(18657)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
63011 JVNDB-2004-000353 Oracle HTTP Server の PL/SQL モジュールにおけるアクセス制限を回避される脆弱性 ------------ CVE-2004-1362 9789 CVE-2004-1362 71741 7.5 http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000353.html 2004-08-31 2007-04-01 View