ET WEB_SPECIFIC_APPS Oracle PeopleSoft Integration Gateway HttpListeningConnector XXE (CVE-2013-3821)

SID: 2069973Rev: 12 views

Fileemerging-web_specific_apps.rules

CreatedJune 17, 2026

UpdatedJune 17, 2026

Classificationweb-application-attack

alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET WEB_SPECIFIC_APPS Oracle PeopleSoft Integration Gateway HttpListeningConnector XXE (CVE-2013-3821)"; flow:established,to_server; http.request_line; content:"POST /PSIGW/HttpListeningConnector"; fast_pattern; startswith; http.request_body; content:"|3c 21|ENTITY"; content:"SYSTEM"; distance:0; reference:url,blog.lexfo.fr/oracle-peoplesoft-xxe-to-rce.html; reference:cve,2013-3821; classtype:web-application-attack; sid:2069973; rev:1; metadata:affected_product Oracle_PeopleSoft, attack_target Server, tls_state TLSDecrypt, created_at 2026_06_17, cve CVE_2013_3821, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2026_06_17, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

url	blog.lexfo.fr/oracle-peoplesoft-xxe-to-rce.html
cve	2013-3821

Metadata

affected productOracle_PeopleSoft

attack targetServer

tls stateTLSDecrypt

created at2026_06_17

cve

CVE-2013-3821

deploymentSSLDecrypt

confidenceHigh

signature severityMajor

tagExploit

updated at2026_06_17

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1190

mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!