The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote malicious users to spoof the login page, which could allow users to inadvertently reveal their username and password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle application server 1.0.2.1s |
||
oracle application server 1.0.2.2 |
||
oracle application server 9.0.2.3 |
||
oracle application server 9.0.3 |
||
oracle application server 9.0.3.1 |
||
oracle application server 1.0.2.2.2 |
||
oracle application server 9.0.2 |
||
oracle http server 8.1.7 |
||
oracle http server 9.0.1 |
||
oracle application server 1.0.2 |
||
oracle application server 9.0.2.1 |
||
oracle application server 9.0.2.2 |
||
oracle application server 9.0.2.0.0 |
||
oracle application server 9.0.2.0.1 |
||
oracle http server 9.2.0 |