Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.Referenceshttp://marc.info/?l=ntbugtraq&m=94390053530890&w=2http://marc.info/?l=bugtraq&m=94359982417686&w=2http://www.securityfocus.com/bid/841
