HTTP: Microsoft Windows Sharepoint Services Cross-Site-Scripting
This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint Services and Office. Attacker can attempt to use cross-site-scripting using GET/POST HTTP messages to locally or remotely attack a target.
Extended Description
A cross-site scripting and spoofing vulnerability affects Microsoft Windows SharePoint Services and SharePoint Team Services. A remote attacker may carry out a cross-site scripting attack to execute arbitrary HTML and script code in a user's browser. It is also possible to poison Web browser and intermediate proxy server caches by placing spoofed content in the caches.
Affected Products
Microsoft windows_sharepoint_services_windows_server_2003
References
BugTraq: 12476
CVE: CVE-2005-0049
URL: http://www.kb.cert.org/vuls/id/340409 http://www.microsoft.com/technet/security/bulletin/ms05-006.mspx
Short Name
HTTP:XSS:SHAREPOINT-XSS
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2005-0049 Cross-Site-Scripting Microsoft Services Sharepoint Windows bid:12476
Release Date
02/08/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
4.3