Lucene search
HistoryMay 10, 2005 - 4:00 a.m.
CVE-2004-1877
cve-2004-1877
oracle
9ias
single sign-on
spoofing
security vulnerability
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
9 High
AI Score
Confidence
High
0.018 Low
EPSS
Percentile
88.4%
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
Affected configurations
Node
oracleapplication_serverMatch1.0.2
ORoracleapplication_serverMatch1.0.2.1s
ORoracleapplication_serverMatch1.0.2.2
ORoracleapplication_serverMatch1.0.2.2.2
ORoracleapplication_serverMatch9.0.2
ORoracleapplication_serverMatch9.0.2.0.0
ORoracleapplication_serverMatch9.0.2.0.1
ORoracleapplication_serverMatch9.0.2.1
ORoracleapplication_serverMatch9.0.2.2
ORoracleapplication_serverMatch9.0.2.3
ORoracleapplication_serverMatch9.0.3
ORoracleapplication_serverMatch9.0.3.1
ORoraclehttp_serverMatch8.1.7
ORoraclehttp_serverMatch9.0.1
ORoraclehttp_serverMatch9.2.0
Related
nvd
nvd
CVE-2004-1877
2004-03-30 05:00:00
cvelist
cvelist
CVE-2004-1877
2005-05-10 04:00:00
nessus
nessus
Oracle Application Server Multiple Vulnerabilities
2012-01-24 00:00:00
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
9 High
AI Score
Confidence
High
0.018 Low
EPSS
Percentile
88.4%
Related for CVE-2004-1877