CVE-2002-1252

The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.

Published: Feb 7, 2003
Updated: Apr 13, 2023
CVE: CVE-2002-1252
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
peoplesoft / peopletools	8.15	8.15.x
peoplesoft / peopletools	8.17	8.17.x
peoplesoft / peopletools	8.16	8.16.x
peoplesoft / peopletools	8.14	8.14.x
peoplesoft / peopletools	8.18	8.18.x

http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811
http://www.iss.net/security_center/static/10520.php
http://www.securityfocus.com/bid/6647

Vulnerability Database

289,871

CVE-2002-1252