CVE-2004-1877

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/10009	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=108067040722235&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15676

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:application_server:1.0.2.1s:::::::*
	cpe:2.3:a:oracle:application_server:1.0.2.2:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2.3:::::::*
	cpe:2.3:a:oracle:application_server:9.0.3:::::::*
	cpe:2.3:a:oracle:application_server:9.0.3.1:::::::*
	cpe:2.3:a:oracle:application_server:1.0.2.2.2:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2:::::::*
	cpe:2.3:a:oracle:http_server:8.1.7:::::::*
	cpe:2.3:a:oracle:http_server:9.0.1:::::::*
	cpe:2.3:a:oracle:application_server:1.0.2:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2.1:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2.0.0:::::::*
	cpe:2.3:a:oracle:http_server:9.2.0:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2.0.1:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2.2:::::::*

Information

Published : 2004-03-29 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-1877

Mitre link : CVE-2004-1877

JSON object : View

CWE

NVD-CWE-Other

Products Affected

oracle

http_server
application_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/10009", "name": "10009", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=108067040722235&w=2", "name": "20040330 Problem with customized login pages for Oracle SSO", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15676", "name": "oracle-sso-login-spoofing(15676)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1877", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2004-03-30T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:http_server:8.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}

2.6 /10