mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
114 lines
3.5 KiB
JSON
114 lines
3.5 KiB
JSON
{
|
|
"id": "CVE-2002-1252",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2003-02-07T05:00:00.000",
|
|
"lastModified": "2008-09-10T19:14:10.057",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "La Pasarela de Mensajeria de Aplicaciones de PeopleTools 8.1x anterior a 8.19, usada en varios productos de PeopleSoft, permite a atacantes remotos leer ficheros arbitrarios mediante ciertos campos de entidades externas XML (XEE) en una petici\u00f3n HTTP POST que es procesada por el manejador SimpleFileHandler"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9ADCBDC1-C291-4978-95CC-2955AF9F0149"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "623DDE5E-20CF-4002-A532-E1B0171FF0C5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "55820FF1-2A48-4699-8C90-90CBC0C2D6A4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EAD1CF68-901D-4366-81F1-20E561BEB405"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3B7B6AF6-2C2B-4186-911A-63D7CCE34E79"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.iss.net/security_center/static/10520.php",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/6647",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |