| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 7 Oct 2003 21:01:08 -0000 From: <info@...ssure.com> To: bugtraq@...urityfocus.com Subject: PeopleSoft <LONGCHAR >and <VARCHAR> Data Upload Vendor: PeopleSoft Solution ID: 200749181 Product: People Tools Version: 8.42, Others? Platform: Solaris 8, BEA WebLogic, Others? Remote/Local: Remote, Authenticated Title: Character Field Length Impact: Possible denial of service. Description: LONGCHAR and VARCHAR fields allow potentially large amounts of data to be uploaded. These fields default to the maximum allowed size for their data type established on the database. Vendor Solution: The database can be configured to limit the size of these data types, however, this should be tested to assess the impact to the application. Consider also looking at modifying the field definitions within the Application. Restricting size with the field definition would prevent using these LONG fields to upload large amounts of data. Note that making any changes to the delivered application is considered to be a customization beyond the scope of the Global Support Center. Make sure and take a backup of the data before making such changes. Vendor Trail: 3 June 03 PeopleSoft contacted 3 June 03 PeopleSoft confirms 24 June 03 PeopleSoft teleconference 19 July 03 PeopleSoft posts to Customer Connection Contributers: Barrett McGuire Larry Wargo Matt Fotter
Powered by blists - more mailing lists