安全研究
安全漏洞
PeopleSoft PeopleTools psdoccgi.exe拒绝服务攻击漏洞
发布日期:2003-11-13
更新日期:2003-11-19
受影响系统:PeopleSoft PeopleTools 8.43
PeopleSoft PeopleTools 8.42
PeopleSoft PeopleTools 8.41
PeopleSoft PeopleTools 8.40
PeopleSoft PeopleTools 8.4
PeopleSoft PeopleTools 8.19
PeopleSoft PeopleTools 8.18
PeopleSoft PeopleTools 8.17
PeopleSoft PeopleTools 8.16
PeopleSoft PeopleTools 8.15
PeopleSoft PeopleTools 8.14
PeopleSoft PeopleTools 8.13
PeopleSoft PeopleTools 8.12
PeopleSoft PeopleTools 8.11
PeopleSoft PeopleTools 8.10
描述:
BUGTRAQ ID:
9038
CVE(CAN) ID:
CVE-2003-0627
PeopleSoft企业软件集成多个商务功能,包括人事、客户关系、供求关系、财务等管理。
PeopleSoft PeopleTools包含的搜索CGI脚本对用户提交参数缺少充分过滤,远程攻击者可以利用这个漏洞进行拒绝服务攻击。
psdoccgi.exe搜索CGI应用程序用于搜索PeopleBooks在线文档,应用程序接收外部输入两个参数,headername和footername,允许用户选择页头和页脚本内容返回给请求者,由于对此参数数据缺少充分过滤,攻击者提交非法参数可使应用程序停止响应。
<*来源:Martin O'Neal (
bugtraq@corsaire.com)
链接:
http://marc.theaimsgroup.com/?l=bugtraq&m=106873960701353&w=2
*>
建议:
厂商补丁:
PeopleSoft
----------
目前厂商已经发布了升级补丁以修复这个安全问题,用户可以联系供应商获得如下补丁:
Release Patch
8.18 8.18.15
8.19 8.19.12
8.20 8.20.03
8.42 8.42.14
8.43 8.43.11
https://www.peoplesoft.com/corp/en/login.jsp浏览次数:2648
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载 绿盟科技给您安全的保障 |