CVE-2004-1877

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=108067040722235&w=2
http://www.securityfocus.com/bid/10009	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15676

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:application_server:1.0.2:::::::*
	cpe:2.3:a:oracle:application_server:1.0.2.1s:::::::*
	cpe:2.3:a:oracle:application_server:1.0.2.2:::::::*
	cpe:2.3:a:oracle:application_server:1.0.2.2.2:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2.0.0:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2.0.1:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2.1:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2.2:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2.3:::::::*
	cpe:2.3:a:oracle:application_server:9.0.3:::::::*
	cpe:2.3:a:oracle:application_server:9.0.3.1:::::::*
	cpe:2.3:a:oracle:http_server:8.1.7:::::::*
	cpe:2.3:a:oracle:http_server:9.0.1:::::::*
	cpe:2.3:a:oracle:http_server:9.2.0:::::::*

History

No history.

Information

Published : 2004-03-30 05:00

Updated : 2017-07-11 01:31

NVD link : CVE-2004-1877

Mitre link : CVE-2004-1877

CVE.ORG link : CVE-2004-1877

JSON object : View

Products Affected

oracle

http_server
application_server

CWE

NVD-CWE-Other

{"id": "CVE-2004-1877", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2004-03-30T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=108067040722235&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10009", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15676", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password."}], "lastModified": "2017-07-11T01:31:25.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F"}, {"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A6F28FD-6EAD-4EDD-B9A1-0B120D0F0919"}, {"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7"}, {"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0160E00-D722-40CE-976C-77CB91C1B94D"}, {"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7"}, {"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9"}, {"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB"}, {"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99"}, {"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6"}, {"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2"}, {"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9"}, {"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B"}, {"criteria": "cpe:2.3:a:oracle:http_server:8.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54FCC402-401B-4830-8181-78E49E1F1F72"}, {"criteria": "cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B72A661-9EAA-4B9B-8865-17C8A29871BB"}, {"criteria": "cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7485BFF1-6863-4165-BE36-D656F39CF5EF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}