Info

Disclosure

Nov 12, 2003

Discovery

Jul 01, 2003

Dates

Exploit

Unknown

Solution

Unknown

Description

PeopleSoft PeopleTools contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an actual path is passed to the Search CGI application, which will disclose files outside the web server root, resulting in a loss of confidentiality. It is also possible to cause a DoS on the web server host.

Classification

Unknown or Incomplete

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, PeopleSoft has released a patch to address this vulnerability.

Products

PeopleSoft	PeopleTools	8.10
		8.11
		8.12
		8.13
		8.14
		8.15
		8.16
		8.17
		8.18
		8.19
		8.20
		8.4
		8.40
		8.41
		8.42
		8.43

References

Secunia Advisory ID: 10225
Bugtraq ID: 9037 9038
Generic Informational URL: http://www.corsaire.co.uk/advisories/c030704-010.txt

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/2815