CVE-2004-1877
Last modified
CVE-2004-1877 is a vulnerability of currently unknown severity. The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.. EPSS estimates a 3.00% chance of exploitation in the next 30 days.
Description
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Application Server | 1.0.2 |
| Oracle | Application Server | 1.0.2.1s |
| Oracle | Application Server | 1.0.2.2 |
| Oracle | Application Server | 1.0.2.2.2 |
| Oracle | Application Server | 9.0.2 |
| Oracle | Application Server | 9.0.2.0.0 |
| Oracle | Application Server | 9.0.2.0.1 |
| Oracle | Application Server | 9.0.2.1 |
| Oracle | Application Server | 9.0.2.2 |
| Oracle | Application Server | 9.0.2.3 |
| Oracle | Application Server | 9.0.3 |
| Oracle | Application Server | 9.0.3.1 |
| Oracle | Http Server | 8.1.7 |
| Oracle | Http Server | 9.0.1 |
| Oracle | Http Server | 9.2.0 |
References
- http://www.securityfocus.com/bid/10009Patch, Vendor Advisory
- http://www.securityfocus.com/bid/10009Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2004-1877?
How severe is CVE-2004-1877?
How do I fix CVE-2004-1877?
Are you affected by CVE-2004-1877?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST