Summary
This host has Microsoft SharePoint Server installed and is prone to an information disclosure vulnerability.
Impact
Attackers can exploit this issue via specially crafted HTTP requests to obtain the source code of arbitrary ASP.NET files from the backend database.
Impact Level: Application
Solution
No solution or patch was made available for at least one year after the disclosure of this vulnerability, and it is likely that none will be provided.
General solution options are to upgrade to a newer release, disable the respective features, remove the product, or replace the product with another one.
Insight
This flaw is due to insufficient validation of user-supplied data passed into the 'SourceUrl' and 'Source' parameters of download.aspx in SharePoint Team Services.
Affected
Microsoft Office SharePoint Server 2007 12.0.0.6219 and prior.
References
Severity
Classification
- CVE: CVE-2009-3830
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N