CVE-2004-1877

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

Published: Mar 30, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1877
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / http_server	9.0.1	9.0.1.x
oracle / application_server	9.0.2.1	9.0.2.1.x
oracle / application_server	9.0.2.0.0	9.0.2.0.0.x
oracle / http_server	8.1.7	8.1.7.x
oracle / application_server	9.0.2.3	9.0.2.3.x
oracle / http_server	9.2.0	9.2.0.x
oracle / application_server	9.0.2.0.1	9.0.2.0.1.x
oracle / application_server	9.0.2.2	9.0.2.2.x
oracle / application_server	1.0.2.2.2	1.0.2.2.2.x
oracle / application_server	1.0.2.1s	1.0.2.1s.x
oracle / application_server	9.0.2	9.0.2.x
oracle / application_server	9.0.3	9.0.3.x
oracle / application_server	9.0.3.1	9.0.3.1.x
oracle / application_server	1.0.2.2	1.0.2.2.x
oracle / application_server	1.0.2	1.0.2.x

Vulnerability Database

289,697

CVE-2004-1877