
Make sure you're not affected...
By silicon.com
Published: 21 January 2003 15:17 GMT
By Patrick Gray
A serious vulnerability, which may allow attackers to obtain confidential information, has been found in PeopleSoft's Application Messaging Gateway servlet.
Internet Security Systems (ISS), a network security company based in theUS, discovered the security glitch, present in default installations, and released an advisory.
"The Application Messaging Gateway is configured to run by default on the PeopleSoft Web server," the advisory said.
The vulnerability effects all 8.1x versions of PeopleTools, with the exception of 8.19. 8.4x versions are not affected. PeopleSoft users can upgrade to version 8.19, but they might have to wait a while.
"PeopleSoft has addressed all of the issues described in this advisory in PeopleTools 8.19, available on PeopleSoft's Customer Connection site in early February," ISS said.
In the meantime, until the update becomes available, ISS have recommended a series of workarounds.
"ISS X-Force recommends that all PeopleSoft administrators block or restrict access to the servlets in question. X-Force also recommends that administrators take advantage of the security mechanisms that BEA WebLogic Servers provide," they said.
ISS has been subjected to criticism in the past for hastily disclosing security vulnerabilities to the security community without allowing vendors or software companies an adequate timeframe in which to engineer security fixes.
In June last year they issued a public advisory after discovering a critical security flaw in the Apache web server before notifying the Apache Software Foundation, the group responsible for maintaining the software. As a result it was some time before the appropriate security updates were made available.
Patrick Gray, ZDNet Australia writes for ZDNet Australia
I have been mandated by my client to identify experienced Peoplesoft HCM consultants with stock administration experience. Requirements: - long-term ...
Juniper Secure access and NSM - VSYS experience Although not paramount the following are desirable - Ciscoworks, F5 BigLP, Toplayer, Bluecoat ...
For our prestigious customer Hays IT is looking for Peoplesoft HRMS Developer to work on 6-8 weeks project based in Berkshire. The part you would ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Nick Heath Your top HR tech priorities for next year revealed How to make human resources IT work for you
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business