Vulnerability Description
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Application Server | 1.0.2 |
| Oracle | Http Server | 8.1.7 |
References
- http://marc.info/?l=bugtraq&m=108067040722235&w=2
- http://www.securityfocus.com/bid/10009PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15676
- http://marc.info/?l=bugtraq&m=108067040722235&w=2
- http://www.securityfocus.com/bid/10009PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15676
FAQ
What is CVE-2004-1877?
CVE-2004-1877 is a vulnerability with a CVSS score of 2.6 (LOW). The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the log...
How severe is CVE-2004-1877?
CVE-2004-1877 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1877?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Server, Oracle Http Server.