The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Application_server | Oracle | 1.0.2 (including) | 1.0.2 (including) |
| Application_server | Oracle | 1.0.2.1s (including) | 1.0.2.1s (including) |
| Application_server | Oracle | 1.0.2.2 (including) | 1.0.2.2 (including) |
| Application_server | Oracle | 1.0.2.2.2 (including) | 1.0.2.2.2 (including) |
| Application_server | Oracle | 9.0.2 (including) | 9.0.2 (including) |
| Application_server | Oracle | 9.0.2.0.0 (including) | 9.0.2.0.0 (including) |
| Application_server | Oracle | 9.0.2.0.1 (including) | 9.0.2.0.1 (including) |
| Application_server | Oracle | 9.0.2.1 (including) | 9.0.2.1 (including) |
| Application_server | Oracle | 9.0.2.2 (including) | 9.0.2.2 (including) |
| Application_server | Oracle | 9.0.2.3 (including) | 9.0.2.3 (including) |
| Application_server | Oracle | 9.0.3 (including) | 9.0.3 (including) |
| Application_server | Oracle | 9.0.3.1 (including) | 9.0.3.1 (including) |
| Http_server | Oracle | 8.1.7 (including) | 8.1.7 (including) |
| Http_server | Oracle | 9.0.1 (including) | 9.0.1 (including) |
| Http_server | Oracle | 9.2.0 (including) | 9.2.0 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=108067040722235\u0026w=2
- http://www.securityfocus.com/bid/10009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15676
- http://marc.info/?l=bugtraq\u0026m=108067040722235\u0026w=2
- http://www.securityfocus.com/bid/10009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15676