PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Peopletools | Peoplesoft | 8.4 (including) | 8.4 (including) |
| Peopletools | Peoplesoft | 8.10 (including) | 8.10 (including) |
| Peopletools | Peoplesoft | 8.11 (including) | 8.11 (including) |
| Peopletools | Peoplesoft | 8.12 (including) | 8.12 (including) |
| Peopletools | Peoplesoft | 8.13 (including) | 8.13 (including) |
| Peopletools | Peoplesoft | 8.14 (including) | 8.14 (including) |
| Peopletools | Peoplesoft | 8.15 (including) | 8.15 (including) |
| Peopletools | Peoplesoft | 8.16 (including) | 8.16 (including) |
| Peopletools | Peoplesoft | 8.17 (including) | 8.17 (including) |
| Peopletools | Peoplesoft | 8.18 (including) | 8.18 (including) |
| Peopletools | Peoplesoft | 8.19 (including) | 8.19 (including) |
| Peopletools | Peoplesoft | 8.20 (including) | 8.20 (including) |
| Peopletools | Peoplesoft | 8.40 (including) | 8.40 (including) |
| Peopletools | Peoplesoft | 8.41 (including) | 8.41 (including) |
| Peopletools | Peoplesoft | 8.42 (including) | 8.42 (including) |
| Peopletools | Peoplesoft | 8.43 (including) | 8.43 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=106874146204158\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=106874146204158\u0026w=2