Vulners
Lucene search
Oracle PeopleSoft - PeopleSoftServiceListeningConnector XML External Entity via DOCTYPE
| Reporter | Title | Published | Views | Family All 21 |
|---|---|---|---|---|
 | Oracle PeopleSoft HCM 9.2 XXE Injection Vulnerability | 20 Apr 201700:00 | – | zdt |
| Oracle PeopleSoft Enterprise PeopleTools < 8.55 - Remote Code Execution Via Blind XML External En | 4 Nov 201700:00 | – | zdt |
 | Oracle PeopleSoft Enterprise PeopleTools Denial of Service Vulnerability | 27 Apr 201700:00 | – | cnvd |
 | CVE-2017-3548 | 24 Apr 201719:00 | – | cve |
 | CVE-2017-3548 | 24 Apr 201719:00 | – | cvelist |
 | Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE | 25 Apr 201700:00 | – | exploitdb |
 | XXE VIA DOCTYPE in PeopleSoft | 23 Dec 201600:00 | – | erpscan |
 | EUVD-2017-12668 | 24 Apr 201719:00 | – | euvd |
 | Oracle PeopleSoft - PeopleSoftServiceListeningConnector XML External Entity via DOCTYPE | 25 Apr 201700:00 | – | exploitpack |
 | U.S. Dept Of Defense: Remote Code Execution (RCE) vulnerability in a DoD website | 26 May 201723:03 | – | hackerone |
10
Application: Oracle PeopleSoft
Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55
Vendor URL: http://oracle.com
Bug: XXE
Reported: 23.12.2016
Vendor response: 24.12.2016
Date of Public Advisory: 18.04.2017
Reference: Oracle CPU April 2017
Author: Nadya Krivdyuk (ERPScan)
Description
1. ADVISORY INFORMATION
Title:[ERPSCAN-17-020] XXE VIA DOCTYPE in PeopleSoft
PeopleSoftServiceListeningConnector
Advisory ID: [ERPSCAN-17-020]
Risk: high
CVE: CVE-2017-3548
Advisory URL: https://erpscan.com/advisories/erpscan-17-020-xxe-via-doctype-peoplesoft/
Date published: 18.04.2017
Vendors contacted: Oracle
2. VULNERABILITY INFORMATION
Class: XXE
Impact: File disclosure, network discovery
Remotely Exploitable: yes
Locally Exploitable: no
CVSS Information
CVSS Base Score v3: 8.0 / 10
CVSS Base Vector:
AV : Attack Vector (Related exploit range) Network (N)
AC : Attack Complexity (Required attack complexity) High (H)
PR : Privileges Required (Level of privileges needed to exploit) High (H)
UI : User Interaction (Required user participation) None (N)
S : Scope (Change in scope due to impact caused to components beyond
the vulnerable component) Changed (C)
C : Impact to Confidentiality High (H)
I : Impact to Integrity High (H)
A : Impact to Availability High (H)
3. VULNERABILITY DESCRIPTION
A malicious user can modify an XML-based request to include XML
content that is then parsed locally.
4. VULNERABLE PACKAGES
PeopleSoft HCM 9.2 on PeopleTools 8.55
5. SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, implement Oracle CPU April 2017
6. AUTHOR
Nadya Krivdyuk
7. TECHNICAL DESCRIPTION
An attacker can use an XML external entity vulnerability to send
specially crafted unauthorized XML requests, which will be processed
by the XML parser. The attacker can use an XML external entity
vulnerability for getting unauthorised access to the OS file system.
PoC
POST /PSIGW/PeopleSoftServiceListeningConnector HTTP/1.1
Host: 172.16.2.91:8000
Content-type: text/xml
<!DOCTYPE a PUBLIC "-//B/A/EN" "C:\windows">
# 0day.today [2018-01-01] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Apr 2017 00:00Current
6.8Medium risk
Vulners AI Score6.8
EPSS0.4916