psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Peopletools | Peoplesoft | 8.4 (including) | 8.4 (including) |
| Peopletools | Peoplesoft | 8.10 (including) | 8.10 (including) |
| Peopletools | Peoplesoft | 8.11 (including) | 8.11 (including) |
| Peopletools | Peoplesoft | 8.12 (including) | 8.12 (including) |
| Peopletools | Peoplesoft | 8.13 (including) | 8.13 (including) |
| Peopletools | Peoplesoft | 8.14 (including) | 8.14 (including) |
| Peopletools | Peoplesoft | 8.15 (including) | 8.15 (including) |
| Peopletools | Peoplesoft | 8.16 (including) | 8.16 (including) |
| Peopletools | Peoplesoft | 8.17 (including) | 8.17 (including) |
| Peopletools | Peoplesoft | 8.18 (including) | 8.18 (including) |
| Peopletools | Peoplesoft | 8.19 (including) | 8.19 (including) |
| Peopletools | Peoplesoft | 8.20 (including) | 8.20 (including) |
| Peopletools | Peoplesoft | 8.40 (including) | 8.40 (including) |
| Peopletools | Peoplesoft | 8.41 (including) | 8.41 (including) |
| Peopletools | Peoplesoft | 8.42 (including) | 8.42 (including) |
| Peopletools | Peoplesoft | 8.43 (including) | 8.43 (including) |
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html
- http://www.auscert.org.au/render.html?it=3610
- http://www.secunia.com/advisories/10225/
- http://www.securityfocus.com/bid/9037
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13754
- http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html
- http://www.auscert.org.au/render.html?it=3610
- http://www.secunia.com/advisories/10225/
- http://www.securityfocus.com/bid/9037
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13754