# Technical Analysis
## 1. Root Cause
Path traversal leading to elevation of privilege (EoP) / remote code execution (RCE), caused by a URI normalization inconsistency between Oracle HTTP Server (OHS) in its default configuration and the backend WebLogic server.
## 2. Trigger Path
A specially crafted request URI bypasses the security constraint on Oracle OHS / WebLogic Server Proxy Plug-in.
## 3. Impact Analysis
- Confidentiality Impact: H
- Integrity Impact: H
- Availability Impact: N
- Privilege Required: N
- Attack Complexity: L
## 4. Why Existing Protections Failed
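URI normalization inconsistency: OHS and the backend WebLogic server do not normalize the request URI the same way, so the security constraint is evaluated against a different path than the one the backend serves.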
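
A generic way to look for this class of discrepancy in front-end access logs, as an added example that is not part of the original analysis or Oracle's code: it compares the raw request path with a fully normalized one and reports requests where only the normalized path falls under a protected prefix. The `/restricted/` prefix, the log format and the sample lines are constructed assumptions, and the normalizer is a generic model, not the documented behaviour of OHS or WebLogic.

```python
import posixpath
import re
from urllib.parse import unquote

PROTECTED = ("/restricted/",)   # assumption: prefixes the front end guards
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed access-log lines, not taken from any real system.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jan/2026:10:00:01 +0000] "GET /app/index.jsp HTTP/1.1" 200',
    '10.0.0.5 - - [12/Jan/2026:10:00:02 +0000] "GET /restricted/console HTTP/1.1" 403',
    '10.0.0.9 - - [12/Jan/2026:10:00:07 +0000] "GET /public/%2e%2e/restricted/console HTTP/1.1" 200',
    '10.0.0.9 - - [12/Jan/2026:10:00:09 +0000] "GET /public/%252e%252e/restricted/console?x=1 HTTP/1.1" 200',
    '10.0.0.7 - - [12/Jan/2026:10:00:11 +0000] "GET /public/../public/help.html HTTP/1.1" 200',
]

def canonical_path(raw):
    """Generic model of a fully normalizing backend: decode, then resolve dots."""
    path = raw.split("?", 1)[0]
    for _ in range(3):                       # unwrap nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    segments = [s for s in path.split("/") if s]   # collapse empty segments
    return posixpath.normpath("/" + "/".join(segments))

def is_protected(path):
    """Prefix match of the kind a front-end constraint performs."""
    return any((path + "/").startswith(prefix) for prefix in PROTECTED)

def disagreements(log_lines):
    """Requests the raw view calls unprotected but the canonical view calls protected."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        raw = match.group(1)
        canon = canonical_path(raw)
        if is_protected(canon) and not is_protected(raw.split("?", 1)[0]):
            hits.append((raw, canon))
    return hits

if __name__ == "__main__":
    for raw, canon in disagreements(SAMPLE_LOG):
        print(f"review: {raw} -> {canon}")
```

Requests that the front end already matched against the protected prefix, or that normalize to an unprotected path, are not reported; only the cases where the two views disagree are.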
## 5. Patch / Mitigation Analysis
[Oracle Critical Patch Update Advisory - January 2026](https://www.oracle.com/security-alerts/cpujan2026.html)