Oracle PeopleSoft PeopleTools HTTP Unspecified Authenticated XSS

2007-01-17T04:18:47
ID OSVDB:32874
Type osvdb
Reporter OSVDB
Modified 2007-01-17T04:18:47

Description

Vulnerability Description

PeopleSoft PeopleTools contains a flaw that allows a remote cross-site scripting attack. The flaw exists in the PeopleSoft Internet Architecture (PIA). It could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

For PeopleTools 8.47, upgrade to PeopleTools 8.47.12 or higher; for PeopleTools 8.48, upgrade to PeopleTools 8.48.07 or higher. These releases have been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Vendor Specific Advisory URL
Vendor Specific Advisory URL
US-CERT Cyber Security Alert: TA07-017A
Security Tracker: 1017522
Secunia Advisory ID: 23794
Related OSVDB ID: 32873
Related OSVDB ID: 32881
Related OSVDB ID: 32895
Related OSVDB ID: 32906
Related OSVDB ID: 32875
Related OSVDB ID: 32894
Related OSVDB ID: 32907
Other Advisory URL: http://www.us-cert.gov/cas/techalerts/TA07-017A.html
News Article: http://news.com.com/Oracle+plugs+51+security+flaws/2100-1002_3-6150671.html
Keyword: PSE03
ISS X-Force ID: 31541
CVE-2007-0297
CERT: TA07-017A
Bugtraq ID: 22083