Description

SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability".

Remediation

References

CVE-2018-0864

Related Vulnerabilities

WordPress Plugin Social Share Icons & Social Share Buttons Security Bypass (3.0.2)

Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1947)

PleskWin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-1557)

WordPress Plugin Redux Framework Cross-Site Request Forgery (4.1.23)

Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.22)

Severity

Medium

Classification

CVE-2018-0864 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities