Summary
This host is installed with Microsoft SharePoint Server and is prone to Information Disclosure Vulnerability.
Impact
Attackers can exploit this issue via specially-crafted HTTP requests to obtain the source code of arbitrary ASP.NET files from the backend database.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
This flaw is due to insufficient validation of user supplied data passed into 'SourceUrl' and 'Source' parameters in the download.aspx in SharePoint Team Services.
Affected
Microsoft Office SharePoint Server 2007 12.0.0.6219 and prior.
References
Severity
Classification
-
CVE CVE-2009-3830 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities