The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with %FF encoded sequences that are improperly converted to Y characters.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Application_server | Oracle | * | * |
Application_server | Oracle | 9.0.2 (including) | 9.0.2 (including) |
Application_server | Oracle | 9.0.2.0.0 (including) | 9.0.2.0.0 (including) |
Application_server | Oracle | 9.0.2.0.1 (including) | 9.0.2.0.1 (including) |
Application_server | Oracle | 9.0.2.1 (including) | 9.0.2.1 (including) |
Application_server | Oracle | 9.0.2.2 (including) | 9.0.2.2 (including) |
Application_server | Oracle | 9.0.2.3 (including) | 9.0.2.3 (including) |
Application_server | Oracle | 9.0.3 (including) | 9.0.3 (including) |
Application_server | Oracle | 9.0.3.1 (including) | 9.0.3.1 (including) |
Application_server | Oracle | 9.0.4 (including) | 9.0.4 (including) |
Application_server | Oracle | 9.0.4.0 (including) | 9.0.4.0 (including) |
Application_server | Oracle | 9.0.4.1 (including) | 9.0.4.1 (including) |
Collaboration_suite | Oracle | release_1 (including) | release_1 (including) |
E-business_suite | Oracle | 11.5.1 (including) | 11.5.1 (including) |
E-business_suite | Oracle | 11.5.2 (including) | 11.5.2 (including) |
E-business_suite | Oracle | 11.5.3 (including) | 11.5.3 (including) |
E-business_suite | Oracle | 11.5.4 (including) | 11.5.4 (including) |
E-business_suite | Oracle | 11.5.5 (including) | 11.5.5 (including) |
E-business_suite | Oracle | 11.5.6 (including) | 11.5.6 (including) |
E-business_suite | Oracle | 11.5.7 (including) | 11.5.7 (including) |
E-business_suite | Oracle | 11.5.8 (including) | 11.5.8 (including) |
E-business_suite | Oracle | 11.5.9 (including) | 11.5.9 (including) |
Enterprise_manager | Oracle | 9 (including) | 9 (including) |
Enterprise_manager | Oracle | 9.0.1 (including) | 9.0.1 (including) |
Enterprise_manager_database_control | Oracle | 10.1.2 (including) | 10.1.2 (including) |
Enterprise_manager_grid_control | Oracle | 10.1.0.2 (including) | 10.1.0.2 (including) |
Oracle10g | Oracle | enterprise_9.0.4_.0 (including) | enterprise_9.0.4_.0 (including) |
Oracle10g | Oracle | enterprise_10.1.0.2 (including) | enterprise_10.1.0.2 (including) |
Oracle10g | Oracle | personal_9.0.4_.0 (including) | personal_9.0.4_.0 (including) |
Oracle10g | Oracle | personal_10.1_.0.2 (including) | personal_10.1_.0.2 (including) |
Oracle10g | Oracle | standard_9.0.4_.0 (including) | standard_9.0.4_.0 (including) |
Oracle10g | Oracle | standard_10.1_.0.2 (including) | standard_10.1_.0.2 (including) |
Oracle8i | Oracle | enterprise_8.0.5_.0.0 (including) | enterprise_8.0.5_.0.0 (including) |
Oracle8i | Oracle | enterprise_8.0.6_.0.0 (including) | enterprise_8.0.6_.0.0 (including) |
Oracle8i | Oracle | enterprise_8.0.6_.0.1 (including) | enterprise_8.0.6_.0.1 (including) |
Oracle8i | Oracle | enterprise_8.1.5_.0.0 (including) | enterprise_8.1.5_.0.0 (including) |
Oracle8i | Oracle | enterprise_8.1.5_.0.2 (including) | enterprise_8.1.5_.0.2 (including) |
Oracle8i | Oracle | enterprise_8.1.5_.1.0 (including) | enterprise_8.1.5_.1.0 (including) |
Oracle8i | Oracle | enterprise_8.1.6_.0.0 (including) | enterprise_8.1.6_.0.0 (including) |
Oracle8i | Oracle | enterprise_8.1.6_.1.0 (including) | enterprise_8.1.6_.1.0 (including) |
Oracle8i | Oracle | enterprise_8.1.7_.0.0 (including) | enterprise_8.1.7_.0.0 (including) |
Oracle8i | Oracle | enterprise_8.1.7_.1.0 (including) | enterprise_8.1.7_.1.0 (including) |
Oracle8i | Oracle | enterprise_8.1.7_.4 (including) | enterprise_8.1.7_.4 (including) |
Oracle8i | Oracle | standard_8.0.6 (including) | standard_8.0.6 (including) |
Oracle8i | Oracle | standard_8.0.6_.3 (including) | standard_8.0.6_.3 (including) |
Oracle8i | Oracle | standard_8.1.5 (including) | standard_8.1.5 (including) |
Oracle8i | Oracle | standard_8.1.6 (including) | standard_8.1.6 (including) |
Oracle8i | Oracle | standard_8.1.7 (including) | standard_8.1.7 (including) |
Oracle8i | Oracle | standard_8.1.7_.0.0 (including) | standard_8.1.7_.0.0 (including) |
Oracle8i | Oracle | standard_8.1.7_.1 (including) | standard_8.1.7_.1 (including) |
Oracle8i | Oracle | standard_8.1.7_.4 (including) | standard_8.1.7_.4 (including) |
Oracle9i | Oracle | client_9.2.0.1 (including) | client_9.2.0.1 (including) |
Oracle9i | Oracle | client_9.2.0.2 (including) | client_9.2.0.2 (including) |
Oracle9i | Oracle | enterprise_8.1.7 (including) | enterprise_8.1.7 (including) |
Oracle9i | Oracle | enterprise_9.0.1 (including) | enterprise_9.0.1 (including) |
Oracle9i | Oracle | enterprise_9.0.1.4 (including) | enterprise_9.0.1.4 (including) |
Oracle9i | Oracle | enterprise_9.0.1.5 (including) | enterprise_9.0.1.5 (including) |
Oracle9i | Oracle | enterprise_9.2.0 (including) | enterprise_9.2.0 (including) |
Oracle9i | Oracle | enterprise_9.2.0.1 (including) | enterprise_9.2.0.1 (including) |
Oracle9i | Oracle | enterprise_9.2.0.2 (including) | enterprise_9.2.0.2 (including) |
Oracle9i | Oracle | enterprise_9.2.0.3 (including) | enterprise_9.2.0.3 (including) |
Oracle9i | Oracle | enterprise_9.2.0.4 (including) | enterprise_9.2.0.4 (including) |
Oracle9i | Oracle | enterprise_9.2.0.5 (including) | enterprise_9.2.0.5 (including) |
Oracle9i | Oracle | personal_8.1.7 (including) | personal_8.1.7 (including) |
Oracle9i | Oracle | personal_9.0.1 (including) | personal_9.0.1 (including) |
Oracle9i | Oracle | personal_9.0.1.4 (including) | personal_9.0.1.4 (including) |
Oracle9i | Oracle | personal_9.0.1.5 (including) | personal_9.0.1.5 (including) |
Oracle9i | Oracle | personal_9.2 (including) | personal_9.2 (including) |
Oracle9i | Oracle | personal_9.2.0.1 (including) | personal_9.2.0.1 (including) |
Oracle9i | Oracle | personal_9.2.0.2 (including) | personal_9.2.0.2 (including) |
Oracle9i | Oracle | personal_9.2.0.3 (including) | personal_9.2.0.3 (including) |
Oracle9i | Oracle | personal_9.2.0.4 (including) | personal_9.2.0.4 (including) |
Oracle9i | Oracle | personal_9.2.0.5 (including) | personal_9.2.0.5 (including) |
Oracle9i | Oracle | standard_8.1.7 (including) | standard_8.1.7 (including) |
Oracle9i | Oracle | standard_9.0 (including) | standard_9.0 (including) |
Oracle9i | Oracle | standard_9.0.1 (including) | standard_9.0.1 (including) |
Oracle9i | Oracle | standard_9.0.1.2 (including) | standard_9.0.1.2 (including) |
Oracle9i | Oracle | standard_9.0.1.3 (including) | standard_9.0.1.3 (including) |
Oracle9i | Oracle | standard_9.0.1.4 (including) | standard_9.0.1.4 (including) |
Oracle9i | Oracle | standard_9.0.1.5 (including) | standard_9.0.1.5 (including) |
Oracle9i | Oracle | standard_9.0.2 (including) | standard_9.0.2 (including) |
Oracle9i | Oracle | standard_9.2 (including) | standard_9.2 (including) |
Oracle9i | Oracle | standard_9.2.0.1 (including) | standard_9.2.0.1 (including) |
Oracle9i | Oracle | standard_9.2.0.2 (including) | standard_9.2.0.2 (including) |
Oracle9i | Oracle | standard_9.2.0.3 (including) | standard_9.2.0.3 (including) |
Oracle9i | Oracle | standard_9.2.0.4 (including) | standard_9.2.0.4 (including) |
Oracle9i | Oracle | standard_9.2.0.5 (including) | standard_9.2.0.5 (including) |