Lucene search

[email protected]CVE-2002-1252

HistoryFeb 07, 2003 - 5:00 a.m.

CVE-2002-1252

2003-02-0705:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

application messaging gateway

peopletools

xxe

http post

simplefilehandler

nvd

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.7%

JSON

The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.

CPENameOperatorVersion
peoplesoft:peopletoolspeoplesoft peopletoolseq8.15
peoplesoft:peopletoolspeoplesoft peopletoolseq8.17
peoplesoft:peopletoolspeoplesoft peopletoolseq8.16
peoplesoft:peopletoolspeoplesoft peopletoolseq8.14
peoplesoft:peopletoolspeoplesoft peopletoolseq8.18

CPE	Name	Operator	Version
peoplesoft:peopletools	peoplesoft peopletools	eq	8.15
peoplesoft:peopletools	peoplesoft peopletools	eq	8.17
peoplesoft:peopletools	peoplesoft peopletools	eq	8.16
peoplesoft:peopletools	peoplesoft peopletools	eq	8.14
peoplesoft:peopletools	peoplesoft peopletools	eq	8.18

References

bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811

www.iss.net/security_center/static/10520.php

www.securityfocus.com/bid/6647

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.7%

JSON