Vulnerability Description
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Peoplesoft | Peopletools | 8.14 |
References
- http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811Vendor Advisory
- http://www.iss.net/security_center/static/10520.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/6647
- http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811Vendor Advisory
- http://www.iss.net/security_center/static/10520.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/6647
FAQ
What is CVE-2002-1252?
CVE-2002-1252 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fiel...
How severe is CVE-2002-1252?
CVE-2002-1252 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1252?
Check the references section above for vendor advisories and patch information. Affected products include: Peoplesoft Peopletools.