Source: cve@mitre.org
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments.
PeopleSoft PeopleTools versions 8.4 through 8.43 are vulnerable to a denial-of-service (DoS) attack due to a flaw in the psdoccgi.exe component. This vulnerability allows remote attackers to crash the application, potentially disrupting critical business operations. Successful exploitation can lead to significant downtime and impact the availability of PeopleSoft services.
Step 1: Payload Delivery: An attacker crafts a malicious HTTP request targeting the psdoccgi.exe executable, typically through a web server interface. This request includes crafted values for the headername and/or footername parameters.
Step 2: Request Processing: The web server receives the malicious request and forwards it to psdoccgi.exe.
Step 3: Argument Parsing: psdoccgi.exe parses the HTTP request and extracts the values provided for headername and footername.
Step 4: Vulnerability Trigger: The application attempts to process the malicious headername and/or footername values. Due to the lack of input validation, the crafted input causes an error, such as a buffer overflow or memory corruption, within the application's memory space.
Step 5: Application Crash: The memory corruption leads to an application crash, resulting in a denial-of-service (DoS). The PeopleSoft application becomes unavailable.
The vulnerability lies within the psdoccgi.exe component of PeopleSoft PeopleTools. The root cause is likely improper handling of user-supplied input, specifically the headername and footername arguments: the application likely fails to validate the size or content of these arguments before processing them. This could lead to a buffer overflow or other memory corruption in the application's internal data structures when it parses the header and footer information, so a crafted request crashes the application and causes a denial of service. The flaw is likely in the code that processes the headername and footername arguments, potentially in string manipulation or memory allocation.
Due to the age of the vulnerability, it's unlikely to be actively targeted by sophisticated APTs. However, it could be exploited by less skilled attackers or used as part of a broader attack chain. CISA KEV status: Not Listed.
Monitor web server logs for suspicious HTTP requests targeting psdoccgi.exe with unusually long or malformed values for the headername and footername parameters.
Analyze application logs for error messages or crash reports related to psdoccgi.exe.
Implement intrusion detection system (IDS) rules to identify malicious HTTP requests based on known attack patterns.
Monitor network traffic for unusual activity directed towards the PeopleSoft application, especially requests containing the vulnerable parameters.
Use file integrity monitoring to detect any unauthorized changes to psdoccgi.exe or related files.
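An added example (not part of the CVE record or any vendor tooling) of the web server log check described above: it flags requests to psdoccgi.exe whose headername or footername value is unusually long or contains non-printable bytes. The combined log format, the 256-byte threshold, the /EXAMPLE-PATH/ prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumptions, not from the advisory: common/combined access-log format,
# a 256-byte length threshold, and a printable-ASCII allow-list for values.
MAX_LEN = 256
WATCHED = {"headername", "footername"}
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
SAFE_VALUE = re.compile(r"[\x20-\x7e]*")

def inspect_line(line):
    """Return (client, param, reason) findings for one access-log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    # Match on the executable name only; the directory varies per deployment.
    if not parts.path.lower().endswith("/psdoccgi.exe"):
        return []
    findings = []
    # latin-1 maps every percent-decoded byte to one character, so len() is a byte count.
    for name, value in parse_qsl(parts.query, keep_blank_values=True, encoding="latin-1"):
        param = name.lower()
        if param not in WATCHED:
            continue
        if len(value) > MAX_LEN:
            findings.append((m.group("ip"), param, f"length {len(value)} > {MAX_LEN}"))
        elif not SAFE_VALUE.fullmatch(value):
            findings.append((m.group("ip"), param, "non-printable or non-ASCII bytes"))
    return findings

def scan(lines):
    """Collect findings across an iterable of log lines."""
    return [f for line in lines for f in inspect_line(line)]

# Constructed sample log lines (documentation IP range, placeholder path).
PREFIX = '[01/Jan/2024:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    f'192.0.2.10 - - {PREFIX}/EXAMPLE-PATH/psdoccgi.exe?headername=Report&footername=Page HTTP/1.1" 200 512',
    f'192.0.2.44 - - {PREFIX}/EXAMPLE-PATH/psdoccgi.exe?headername={"x" * 600} HTTP/1.1" 500 0',
    f'192.0.2.44 - - {PREFIX}/EXAMPLE-PATH/psdoccgi.exe?footername=a%00b HTTP/1.1" 500 0',
    f'192.0.2.77 - - {PREFIX}/index.html?headername={"x" * 600} HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, param, reason in scan(SAMPLE_LOG):
        print(f"ALERT {client} {param}: {reason}")
```

Access logs normally record only the query string, so parameters sent in a POST body are not visible to this check and need inspection at a proxy or WAF instead.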
Upgrade to a patched version of PeopleSoft PeopleTools. While the specific patch details are not provided in the CVE, upgrading to a supported version is the primary mitigation.
Implement input validation to sanitize and validate the headername and footername parameters, ensuring that the input conforms to expected formats and lengths.
Apply the latest security patches provided by Oracle for PeopleSoft.
Restrict access to the psdoccgi.exe executable by implementing network segmentation and access control lists (ACLs).
Regularly scan the PeopleSoft environment for vulnerabilities using vulnerability scanners.
Implement a Web Application Firewall (WAF) to filter malicious traffic and protect against attacks targeting the PeopleSoft application.