The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.
2004-08-04T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | oracle | application_server | * | Yes |
| Application | oracle | application_server | 9.0.2 | Yes |
| Application | oracle | application_server | 9.0.2.0.0 | Yes |
| Application | oracle | application_server | 9.0.2.0.1 | Yes |
| Application | oracle | application_server | 9.0.2.1 | Yes |
| Application | oracle | application_server | 9.0.2.2 | Yes |
| Application | oracle | application_server | 9.0.2.3 | Yes |
| Application | oracle | application_server | 9.0.3 | Yes |
| Application | oracle | application_server | 9.0.3.1 | Yes |
| Application | oracle | application_server | 9.0.4 | Yes |
| Application | oracle | application_server | 9.0.4.0 | Yes |
| Application | oracle | application_server | 9.0.4.1 | Yes |
| Application | oracle | collaboration_suite | release_1 | Yes |
| Application | oracle | e-business_suite | 11.5.1 | Yes |
| Application | oracle | e-business_suite | 11.5.2 | Yes |
| Application | oracle | e-business_suite | 11.5.3 | Yes |
| Application | oracle | e-business_suite | 11.5.4 | Yes |
| Application | oracle | e-business_suite | 11.5.5 | Yes |
| Application | oracle | e-business_suite | 11.5.6 | Yes |
| Application | oracle | e-business_suite | 11.5.7 | Yes |
| Application | oracle | e-business_suite | 11.5.8 | Yes |
| Application | oracle | e-business_suite | 11.5.9 | Yes |
| Application | oracle | enterprise_manager | 9 | Yes |
| Application | oracle | enterprise_manager | 9.0.1 | Yes |
| Application | oracle | enterprise_manager_database_control | 10.1.2 | Yes |
| Application | oracle | enterprise_manager_grid_control | 10.1.0.2 | Yes |
| Application | oracle | oracle10g | enterprise_9.0.4_.0 | Yes |
| Application | oracle | oracle10g | enterprise_10.1.0.2 | Yes |
| Application | oracle | oracle10g | personal_9.0.4_.0 | Yes |
| Application | oracle | oracle10g | personal_10.1_.0.2 | Yes |
| Application | oracle | oracle10g | standard_9.0.4_.0 | Yes |
| Application | oracle | oracle10g | standard_10.1_.0.2 | Yes |
| Application | oracle | oracle8i | enterprise_8.0.5_.0.0 | Yes |
| Application | oracle | oracle8i | enterprise_8.0.6_.0.0 | Yes |
| Application | oracle | oracle8i | enterprise_8.0.6_.0.1 | Yes |
| Application | oracle | oracle8i | enterprise_8.1.5_.0.0 | Yes |
| Application | oracle | oracle8i | enterprise_8.1.5_.0.2 | Yes |
| Application | oracle | oracle8i | enterprise_8.1.5_.1.0 | Yes |
| Application | oracle | oracle8i | enterprise_8.1.6_.0.0 | Yes |
| Application | oracle | oracle8i | enterprise_8.1.6_.1.0 | Yes |
| Application | oracle | oracle8i | enterprise_8.1.7_.0.0 | Yes |
| Application | oracle | oracle8i | enterprise_8.1.7_.1.0 | Yes |
| Application | oracle | oracle8i | enterprise_8.1.7_.4 | Yes |
| Application | oracle | oracle8i | standard_8.0.6 | Yes |
| Application | oracle | oracle8i | standard_8.0.6_.3 | Yes |
| Application | oracle | oracle8i | standard_8.1.5 | Yes |
| Application | oracle | oracle8i | standard_8.1.6 | Yes |
| Application | oracle | oracle8i | standard_8.1.7 | Yes |
| Application | oracle | oracle8i | standard_8.1.7_.0.0 | Yes |
| Application | oracle | oracle8i | standard_8.1.7_.1 | Yes |
| Application | oracle | oracle8i | standard_8.1.7_.4 | Yes |
| Application | oracle | oracle9i | client_9.2.0.1 | Yes |
| Application | oracle | oracle9i | client_9.2.0.2 | Yes |
| Application | oracle | oracle9i | enterprise_8.1.7 | Yes |
| Application | oracle | oracle9i | enterprise_9.0.1 | Yes |
| Application | oracle | oracle9i | enterprise_9.0.1.4 | Yes |
| Application | oracle | oracle9i | enterprise_9.0.1.5 | Yes |
| Application | oracle | oracle9i | enterprise_9.2.0 | Yes |
| Application | oracle | oracle9i | enterprise_9.2.0.1 | Yes |
| Application | oracle | oracle9i | enterprise_9.2.0.2 | Yes |
| Application | oracle | oracle9i | enterprise_9.2.0.3 | Yes |
| Application | oracle | oracle9i | enterprise_9.2.0.4 | Yes |
| Application | oracle | oracle9i | enterprise_9.2.0.5 | Yes |
| Application | oracle | oracle9i | personal_8.1.7 | Yes |
| Application | oracle | oracle9i | personal_9.0.1 | Yes |
| Application | oracle | oracle9i | personal_9.0.1.4 | Yes |
| Application | oracle | oracle9i | personal_9.0.1.5 | Yes |
| Application | oracle | oracle9i | personal_9.2 | Yes |
| Application | oracle | oracle9i | personal_9.2.0.1 | Yes |
| Application | oracle | oracle9i | personal_9.2.0.2 | Yes |
| Application | oracle | oracle9i | personal_9.2.0.3 | Yes |
| Application | oracle | oracle9i | personal_9.2.0.4 | Yes |
| Application | oracle | oracle9i | personal_9.2.0.5 | Yes |
| Application | oracle | oracle9i | standard_8.1.7 | Yes |
| Application | oracle | oracle9i | standard_9.0 | Yes |
| Application | oracle | oracle9i | standard_9.0.1 | Yes |
| Application | oracle | oracle9i | standard_9.0.1.2 | Yes |
| Application | oracle | oracle9i | standard_9.0.1.3 | Yes |
| Application | oracle | oracle9i | standard_9.0.1.4 | Yes |
| Application | oracle | oracle9i | standard_9.0.1.5 | Yes |
| Application | oracle | oracle9i | standard_9.0.2 | Yes |
| Application | oracle | oracle9i | standard_9.2 | Yes |
| Application | oracle | oracle9i | standard_9.2.0.1 | Yes |
| Application | oracle | oracle9i | standard_9.2.0.2 | Yes |
| Application | oracle | oracle9i | standard_9.2.0.3 | Yes |
| Application | oracle | oracle9i | standard_9.2.0.4 | Yes |
| Application | oracle | oracle9i | standard_9.2.0.5 | Yes |