Lucene search
HistoryDec 15, 2003 - 5:00 a.m.
CVE-2003-0950
cve-2003-0950
peoplesoft
peopletools
remote attacker
arbitrary commands
file uploading
iclient servlet
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
86.1%
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.
Affected configurations
Node
peoplesoftpeopletoolsMatch8.4
ORpeoplesoftpeopletoolsMatch8.10
ORpeoplesoftpeopletoolsMatch8.11
ORpeoplesoftpeopletoolsMatch8.12
ORpeoplesoftpeopletoolsMatch8.13
ORpeoplesoftpeopletoolsMatch8.14
ORpeoplesoftpeopletoolsMatch8.15
ORpeoplesoftpeopletoolsMatch8.16
ORpeoplesoftpeopletoolsMatch8.17
ORpeoplesoftpeopletoolsMatch8.18
ORpeoplesoftpeopletoolsMatch8.19
ORpeoplesoftpeopletoolsMatch8.20
ORpeoplesoftpeopletoolsMatch8.40
ORpeoplesoftpeopletoolsMatch8.41
ORpeoplesoftpeopletoolsMatch8.42
ORpeoplesoftpeopletoolsMatch8.43
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
86.1%
Related for CVE-2003-0950