PT-2003-1142 · Peopletools · Application Messaging Gateway

Publicado

2003-02-07

Atualizado

2008-09-10

CVE-2002-1252

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Application Messaging Gateway for PeopleTools versions 8.1x through 8.18

Description The issue allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.

Recommendations For versions 8.1x through 8.18, update to version 8.19 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-1252

Produtos afetados

Application Messaging Gateway

PT-2003-1142 · Peopletools · Application Messaging Gateway

CVE-2002-1252

Identificadores relacionados

Produtos afetados

Referências · 4