7.5
CVE-2004-1362
- EPSS 4%
- Published 04.08.2004 04:00:00
- Last modified 03.04.2025 01:03:51
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.
Data is provided by the National Vulnerability Database (NVD)
Oracle ≫ Application Server Version9.0.2
Oracle ≫ Application Server Version9.0.2.0.0
Oracle ≫ Application Server Version9.0.2.0.1
Oracle ≫ Application Server Version9.0.2.1
Oracle ≫ Application Server Version9.0.2.2
Oracle ≫ Application Server Version9.0.2.3
Oracle ≫ Application Server Version9.0.3
Oracle ≫ Application Server Version9.0.3.1
Oracle ≫ Application Server Version9.0.4
Oracle ≫ Application Server Version9.0.4.0
Oracle ≫ Application Server Version9.0.4.1
Oracle ≫ Collaboration Suite Versionrelease_1
Oracle ≫ E-business Suite Version11.5.1
Oracle ≫ E-business Suite Version11.5.2
Oracle ≫ E-business Suite Version11.5.3
Oracle ≫ E-business Suite Version11.5.4
Oracle ≫ E-business Suite Version11.5.5
Oracle ≫ E-business Suite Version11.5.6
Oracle ≫ E-business Suite Version11.5.7
Oracle ≫ E-business Suite Version11.5.8
Oracle ≫ E-business Suite Version11.5.9
Oracle ≫ Enterprise Manager Version9
Oracle ≫ Enterprise Manager Version9.0.1
Oracle ≫ Enterprise Manager Database Control Version10.1.2
Oracle ≫ Enterprise Manager Grid Control Version10.1.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4% | 0.88 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|