Description

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

Remediation

References

CVE-2004-1877

Related Vulnerabilities

WordPress Plugin TheCartPress eCommerce Shopping Cart Multiple Vulnerabilities (1.3.9)

Apache Tomcat version older than 6.0.10

WordPress Plugin Booking Calendar-Appointment Booking-BookIt Security Bypass (2.3.7)

WordPress Plugin Redux Framework Multiple Cross-Site Scripting Vulnerabilities (3.6.0.2)

WordPress Plugin Easy Social Feed-Social Photos Gallery-Post Feed-Like Box Cross-Site Scripting (6.2.6)

Severity

Low

Classification

CVE-2004-1877

Tags

Missing Update Known Vulnerabilities