PT-2004-2776 · Oracle · Oracle 9I Application Server

Published: 2004-03-30 · Updated: 2017-07-11 · CVE-2004-1877

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Oracle 9i Application Server (9iAS) version 9.0.2

Description

The issue allows remote attackers to spoof the login page, potentially causing users to inadvertently reveal their username and password. This is due to the `p_submit_url` value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrator's Guide.

Recommendations

For Oracle 9i Application Server (9iAS) version 9.0.2, consider modifying the `p_submit_url` value in the sample login form to prevent spoofing of the login page. As a temporary workaround, restrict access to the login page to minimize the risk of exploitation.

Fix

Related identifiers

CVE-2004-1877

Affected products

Oracle 9I Application Server