The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2 (9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

Software | From | Fixed in |
---|---|---|
oracle / http_server | 8.1.7 | 8.1.7.x |
oracle / http_server | 9.0.1 | 9.0.1.x |
oracle / http_server | 9.2.0 | 9.2.0.x |
oracle / application_server | 1.0.2 | 1.0.2.x |
oracle / application_server | 1.0.2.1s | 1.0.2.1s.x |
oracle / application_server | 1.0.2.2 | 1.0.2.2.x |
oracle / application_server | 1.0.2.2.2 | 1.0.2.2.2.x |
oracle / application_server | 9.0.2 | 9.0.2.x |
oracle / application_server | 9.0.2.0.0 | 9.0.2.0.0.x |
oracle / application_server | 9.0.2.0.1 | 9.0.2.0.1.x |
oracle / application_server | 9.0.2.1 | 9.0.2.1.x |
oracle / application_server | 9.0.2.2 | 9.0.2.2.x |
oracle / application_server | 9.0.2.3 | 9.0.2.3.x |
oracle / application_server | 9.0.3 | 9.0.3.x |
oracle / application_server | 9.0.3.1 | 9.0.3.1.x |