CVE-2003-0628

PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value.

Published: Dec 15, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0628
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
peoplesoft / peopletools	8.15	8.15.x
peoplesoft / peopletools	8.19	8.19.x
peoplesoft / peopletools	8.42	8.42.x
peoplesoft / peopletools	8.43	8.43.x
peoplesoft / peopletools	8.12	8.12.x
peoplesoft / peopletools	8.10	8.10.x
peoplesoft / peopletools	8.17	8.17.x
peoplesoft / peopletools	8.41	8.41.x
peoplesoft / peopletools	8.16	8.16.x
peoplesoft / peopletools	8.11	8.11.x
peoplesoft / peopletools	8.18	8.18.x
peoplesoft / peopletools	8.13	8.13.x
peoplesoft / peopletools	8.20	8.20.x
peoplesoft / peopletools	8.4	8.4.x
peoplesoft / peopletools	8.14	8.14.x
peoplesoft / peopletools	8.40	8.40.x

http://marc.info/?l=bugtraq&m=106874146204158&w=2

Vulnerability Database

289,697

CVE-2003-0628