CVE-1999-1547

Oracle Web Listener 2.1 - Unauthenticated Access Restriction Bypass via Hex-Encoded URL Characters

Title source: llm
STIX 2.1

Description

Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=94359982417686&w=2
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/841
Mailing List mailing-list x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=94390053530890&w=2

Scores

EPSS 0.0967
EPSS Percentile 94.9%

Details

CWE
CWE-20
Status published
Products (1)
oracle/web_listener 2.1
Published Nov 25, 1999
Tracked Since Feb 18, 2026