Oracle HTTP Server Is Decoding %2f Appearing In A Request URI (Doc ID 759416.1)

Last updated on JANUARY 25, 2017

Applies to:

Oracle HTTP Server - Version 10.1.2.0.0 to 10.1.3.5.0 [Release AS10gR2 to AS10gR3]
Oracle HTTP Server - Version 11.1.1.1.0 and later
Oracle WebLogic Server - Version 10.3.1 and later
Information in this document applies to any platform.

Symptoms

When trying to access a URL that has %2f as escaped forward slash, Oracle HTTP server always un-escape the character. As a result of this behavior a 404 error is returned to the web browser as the modified url does not exist on the server.

The issue can be reproduced at will with following steps:


1. Create a html page named as below in htdocs directory: test%2fhello.html
2. Type in url http://hostname/test%2fhello.html in a browser and the OHS returns 404. The log file of HTTP server shows the url has been unescaped to http://hostname/test/hello.html

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms