Description

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

Remediation

References

CVE-2004-1877

Related Vulnerabilities

WordPress Plugin IMPress for IDX Broker Multiple Vulnerabilities (2.6.1)

WordPress Incorrect Authorization Vulnerability (CVE-2017-6816)

WordPress Plugin Google Forms Cross-Site Scripting (0.84)

WordPress Plugin Ocean Extra PHP Object Injection (2.0.4)

WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2020-5258)

Severity

Low

Classification

CVE-2004-1877

Tags

Missing Update Known Vulnerabilities