Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1252

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1252
Last Modified 10 Sep 2008 03:14:10
Published 07 Feb 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1252

Summary

The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.

Vulnerable Systems

Application

  • Peoplesoft Peopletools 8.14

  • Peoplesoft Peopletools 8.15

  • Peoplesoft Peopletools 8.16

  • Peoplesoft Peopletools 8.17

  • Peoplesoft Peopletools 8.18


References

XF - peoplesoft-xxe-read-files(10520)

ISS - 20030120 PeopleSoft XML External Entities Vulnerability

BID - 6647


Last Updated: 27 May 2016 10:37:15