CVE-2004-1877
First published: Tue Mar 30 2004(Updated: )
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Java System Application Server | =1.0.2 | |
| Oracle Java System Application Server | =1.0.2.1s | |
| Oracle Java System Application Server | =1.0.2.2 | |
| Oracle Java System Application Server | =1.0.2.2.2 | |
| Oracle Java System Application Server | =9.0.2 | |
| Oracle Java System Application Server | =9.0.2.0.0 | |
| Oracle Java System Application Server | =9.0.2.0.1 | |
| Oracle Java System Application Server | =9.0.2.1 | |
| Oracle Java System Application Server | =9.0.2.2 | |
| Oracle Java System Application Server | =9.0.2.3 | |
| Oracle Java System Application Server | =9.0.3 | |
| Oracle Java System Application Server | =9.0.3.1 | |
| Oracle HTTP Server | =8.1.7 | |
| Oracle HTTP Server | =9.0.1 | |
| Oracle HTTP Server | =9.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1877?
CVE-2004-1877 is classified as a medium severity vulnerability due to its potential for user credential exposure.
How do I fix CVE-2004-1877?
To fix CVE-2004-1877, apply the latest patches provided by Oracle for the affected versions of Oracle 9i Application Server.
What kind of attack can exploit CVE-2004-1877?
CVE-2004-1877 can be exploited through a spoofing attack targeting the login page, leading to credential theft.
Which software versions are affected by CVE-2004-1877?
CVE-2004-1877 affects various versions of Oracle Java System Application Server, including 1.0.2, 9.0.2, and others listed in the vulnerability details.
Is user education necessary to mitigate CVE-2004-1877?
Yes, user education about recognizing phishing attempts and verifying URL authenticity can help mitigate the risks associated with CVE-2004-1877.
- agent/first-publish-date
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/oracle
- canonical/oracle java system application server
- version/oracle java system application server/1.0.2
- version/oracle java system application server/1.0.2.1s
- version/oracle java system application server/1.0.2.2
- version/oracle java system application server/1.0.2.2.2
- version/oracle java system application server/9.0.2
- version/oracle java system application server/9.0.2.0.0
- version/oracle java system application server/9.0.2.0.1
- version/oracle java system application server/9.0.2.1
- version/oracle java system application server/9.0.2.2
- version/oracle java system application server/9.0.2.3
- version/oracle java system application server/9.0.3
- version/oracle java system application server/9.0.3.1
- canonical/oracle http server
- version/oracle http server/8.1.7
- version/oracle http server/9.0.1
- version/oracle http server/9.2.0