Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2004-1877
Last Modified 05 Sep 2008 04:42:35
Published 30 Mar 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-1877

Summary

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrator's Guide, Release 2 (9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

Vulnerable Systems

Application

  • Oracle Application Server 1.0.2

  • Oracle Application Server 1.0.2.1s

  • Oracle Application Server 1.0.2.2

  • Oracle Application Server 1.0.2.2.2

  • Oracle Application Server 9.0.2

  • Oracle Application Server 9.0.2.0.0

  • Oracle Application Server 9.0.2.0.1

  • Oracle Application Server 9.0.2.1

  • Oracle Application Server 9.0.2.2

  • Oracle Application Server 9.0.2.3

  • Oracle Application Server 9.0.3

  • Oracle Application Server 9.0.3.1

  • Oracle Http Server 8.1.7

  • Oracle Http Server 9.0.1

  • Oracle Http Server 9.2.0


References

XF - oracle-sso-login-spoofing(15676)

BID - 10009

BUGTRAQ - 20040330 Problem with customized login pages for Oracle SSO


Last Updated: 27 May 2016 10:39:13