CVE-2002-1252

The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811	Vendor Advisory
http://www.iss.net/security_center/static/10520.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/6647

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:peoplesoft:peopletools:8.14:::::::*
	cpe:2.3:a:peoplesoft:peopletools:8.15:::::::*
	cpe:2.3:a:peoplesoft:peopletools:8.16:::::::*
	cpe:2.3:a:peoplesoft:peopletools:8.17:::::::*
	cpe:2.3:a:peoplesoft:peopletools:8.18:::::::*

History

No history.

Information

Published : 2003-02-07 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2002-1252

Mitre link : CVE-2002-1252

CVE.ORG link : CVE-2002-1252

JSON object : View

Products Affected

peoplesoft

peopletools

CWE

NVD-CWE-Other

{"id": "CVE-2002-1252", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-02-07T05:00:00.000", "references": [{"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/10520.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6647", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler."}, {"lang": "es", "value": "La Pasarela de Mensajeria de Aplicaciones de PeopleTools 8.1x anterior a 8.19, usada en varios productos de PeopleSoft, permite a atacantes remotos leer ficheros arbitrarios mediante ciertos campos de entidades externas XML (XEE) en una petici\u00f3n HTTP POST que es procesada por el manejador SimpleFileHandler"}], "lastModified": "2008-09-10T19:14:10.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ADCBDC1-C291-4978-95CC-2955AF9F0149"}, {"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "623DDE5E-20CF-4002-A532-E1B0171FF0C5"}, {"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55820FF1-2A48-4699-8C90-90CBC0C2D6A4"}, {"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAD1CF68-901D-4366-81F1-20E561BEB405"}, {"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B7B6AF6-2C2B-4186-911A-63D7CCE34E79"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}