VulDB: Oracle PeopleSoft Enterprise 8.49/8.50/8.51 PeopleTools Security Module denial of service
General
scipID: 4252
Affected: Oracle PeopleSoft Enterprise 8.49/8.50/8.51
Published: 01/19/2011
Risk: 
problematic
Entry: 85.2% complete
Created: 02/14/2011
Updated: 09/03/2012
Summary
A vulnerability has been found in Oracle PeopleSoft Enterprise 8.49/8.50/8.51 and classified as problematic. This vulnerability affects an unknown function of the component PeopleTools Security Module. The manipulation with an unknown input leads to a denial of service vulnerability. As an impact it is known to affect availability.
The weakness was disclosed 01/19/2011 with Oracle. The advisory is shared for download at oracle.com. This vulnerability was named CVE-2010-4424 since 12/06/2010. The attack needs to be approached locally. There are neither technical details nor an exploit publicly available.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at oracle.com. The vulnerability is also documented in the vulnerability database at Secunia (SA42924).CVSS
Base Score: 4.6 (CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Denial of service
Local: Yes
Remote: No
Availability: No
Countermeasures
Recommended: Patch
0-Day Time: 0 days since found
Patch: oracle.com
Timeline
12/06/2010 | CVE assigned
01/19/2011 | Advisory disclosed
02/14/2011 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: oracle.com
Researcher: http://www.oracle.com
Company: Oracle
CVE: CVE-2010-4424 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 42924
- Latest Entries
- Apple iOS Mobile Hotspot generateDefaultPassword() schwache Authentisierung
- Cisco ASA CX TCP Packet Handler Denial of Service [CVE-2013-1203]
- Microsoft Outlook S/MIME Handler schwache Verschlüsselung
- Google Android Input Validation Handler Information Disclosure
- Fortinet FortiOS Permission Handler schwache Authentisierung
- Statistics
- Archive
