Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
http://www.securityfocus.com/bid/3727
http://www.securityfocus.com/archive/1/246663
http://www.kb.cert.org/vuls/id/758483