CVE Vulnerabilities

CVE-2004-1877

Published: Mar 30, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.6 LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

Affected Software

Name Vendor Start Version End Version
Application_server Oracle 1.0.2 1.0.2
Application_server Oracle 1.0.2.1s 1.0.2.1s
Application_server Oracle 1.0.2.2 1.0.2.2
Application_server Oracle 1.0.2.2.2 1.0.2.2.2
Application_server Oracle 9.0.2 9.0.2
Application_server Oracle 9.0.2.0.0 9.0.2.0.0
Application_server Oracle 9.0.2.0.1 9.0.2.0.1
Application_server Oracle 9.0.2.1 9.0.2.1
Application_server Oracle 9.0.2.2 9.0.2.2
Application_server Oracle 9.0.2.3 9.0.2.3
Application_server Oracle 9.0.3 9.0.3
Application_server Oracle 9.0.3.1 9.0.3.1
Http_server Oracle 8.1.7 8.1.7
Http_server Oracle 9.0.1 9.0.1
Http_server Oracle 9.2.0 9.2.0

References