Description

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

Remediation

References

CVE-2004-1877

Related Vulnerabilities

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41307)

WordPress Plugin Advertizer 'id' Parameter SQL Injection (1.0)

WordPress Plugin Navis DocumentCloud Cross-Site Scripting (0.1)

TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2010-3663)

AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42051)

Severity

Low

Classification

CVE-2004-1877

Tags

Missing Update Known Vulnerabilities