HTTP: Microsoft System Center Configuration Manager Reflected XSS Attack
This signature detects attacks against a known flaw in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL.
Extended Description
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
Affected Products
Microsoft systems_management_server
Short Name
HTTP:XSS:MS-SCCM-REFLECTED
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Attack CVE-2012-2536 Center Configuration Manager Microsoft Reflected System XSS bid:55430
Release Date
09/10/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
4.3