HTTP: Microsoft Sharepoint Server DataFormWebPart Server-side Include Injection
This signature detects attempts to exploit a known vulnerability against Microsoft Sharepoint Server. A successful attack can lead to arbitrary code execution.
Extended Description
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.
Affected Products
Microsoft sharepoint_server
Short Name
HTTP:CTS:MS-SHAREPTS-DFORM-SSI
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2020-16952 DataFormWebPart Include Injection Microsoft Server Server-side Sharepoint
Release Date
11/05/2020
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3665
False Positive
Unknown
Vendors
Microsoft
CVSS Score
6.8