CVE-2004-1877: Oracle Application Server vulnerability

3 documents, 3 sources

Severity: 2.6 LOW (NVD)
EPSS: 0.8% (top 25.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 30; Latest update Apr 29

Description

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

CVSS vector

AV:N/AC:H/C:P/I:N/A:N
Exploitability: 4.9 | Impact: 2.9

Affected Packages (2 packages)

NVD: oracle/application_server, 12 versions (+11)
NVD: oracle/http_server, versions 8.1.7, 9.0.1, 9.2.0 (+2)

Patches

Vulnerability Details (2)

GHSA, 2022-04-29: GHSA-phc3-vv24-qgfp: The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9…
CVEList, 2005-05-10: CVE-2004-1877: The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9…
CVE-2004-1877 — Oracle Application Server vulnerability | cvebase