Multiple vulnerabilities have been identified in PeopleTools, which can be exploited by malicious people to conduct Cross-Site Scripting attacks, gain knowledge of sensitive information, or cause a DoS (Denial of Service).

1) Missing input validation in the Gateway Administration servlet can be exploited to disclose path information about server configuration files by supplying invalid values.

2) Missing input validation in the IScript application can be exploited to conduct Cross-Site Scripting attack by including arbitrary HTML or script code in a HTTP request, which will be executed in a user's current browser session when viewed.

Successful exploitation may disclose sensitive information (eg. cookie-based authentication information) associated with the site running PeopleTools or inclusion of malicious content, which the user thinks is part of the real website.

3) Validation errors in the PeopleBooks Search CGI application ("psdoccgi.exe") when handling "headername" and "footername" arguments can be exploited to access arbitrary files outside the web root and cause a DoS.

The vulnerabilities affect versions 8.20/8.43 and prior.

Solution
Apply patches available from PeopleSoft Customer Connection.
Further details available in Customer Area

Provided and/or discovered by
Martin O'Neal and Glyn Geoghegan, Corsaire Limited.

Original Advisory
PeopleSoft Gateway Administration servlet path disclosure issue:
http://www.corsaire.co.uk/advisories/c030704-003.txt

PeopleSoft IScript XSS issue:
http://www.corsaire.co.uk/advisories/c030704-004.txt

PeopleSoft PeopleBooks Search CGI multiple argument issues:
http://www.corsaire.co.uk/advisories/c030704-010.txt

Deep Links
Links available in Customer Area