CVE-2002-1252
Published Feb 7, 2003
Last updated 16 years ago
Overview
- Description
- The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9ADCBDC1-C291-4978-95CC-2955AF9F0149"
},
{
"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "623DDE5E-20CF-4002-A532-E1B0171FF0C5"
},
{
"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55820FF1-2A48-4699-8C90-90CBC0C2D6A4"
},
{
"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EAD1CF68-901D-4366-81F1-20E561BEB405"
},
{
"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B7B6AF6-2C2B-4186-911A-63D7CCE34E79"
}
],
"operator": "OR"
}
]
}
]