CVE-2004-1877 Information

Description

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page which could allow users to inadvertently reveal their username and password.

Reference

http://marc.info/?l=bugtraq&m=108067040722235&w=2 http://www.securityfocus.com/bid/10009 https://exchange.xforce.ibmcloud.com/vulnerabilities/15676 The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page which could allow users to inadvertently reveal their username and password.