# Technical Analysis

## 1. Root Cause
Path-Traversal EoP / RCE due to URI normalization inconsistency between Oracle OHS with default configuration and backend WebLogic server.

## 2. Trigger Path
Specially crafted URI request bypasses security constraint on Oracle OHS / Weblogic Server Proxy Plug-in

## 3. Impact Analysis
- Confidentiality Impact: H  
- Integrity Impact: H  
- Availability Impact: N  
- Privilege Required: N  
- Attack Complexity: L  

## 4. Why Existing Protections Failed
URI normalization inconsistency

## 5. Patch / Mitigation Analysis
[Oracle Critical Patch Update Advisory - January 2026](https://www.oracle.com/security-alerts/cpujan2026.html)