Vulnerabilities > CVE-2002-1252 - Unspecified vulnerability in Peoplesoft Peopletools

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

peoplesoft

NVD

Published: 2003-02-07

Updated: 2024-11-20

Summary

The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.

Vulnerable Configurations

Part	Description	Count
Application	Peoplesoft Peoplesoft Peopletools 8.15 Peoplesoft Peopletools 8.17 Peoplesoft Peopletools 8.16 Peoplesoft Peopletools 8.14 Peoplesoft Peopletools 8.18	5

References

http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811
http://www.iss.net/security_center/static/10520.php
http://www.iss.net/security_center/static/10520.php
http://www.securityfocus.com/bid/6647
http://www.securityfocus.com/bid/6647