Microsoft SharePoint Portal Server Unspecified Cross-Site Scripting Vulnerabilities
BID:10043
Info
| Bugtraq ID: | 10043 |
| Class: | Input Validation Error |
| CVE: | CVE-2004-0379 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | Discovery is credited to Ory Segal from Sanctum inc. <http://www.SanctumInc.com>. |
| Vulnerable: | Microsoft SharePoint Portal Server 2001 SP2A, Microsoft SharePoint Portal Server 2001 SP2, Microsoft SharePoint Portal Server 2001 SP1, Microsoft SharePoint Portal Server 2001 |
| Not Vulnerable: | Microsoft SharePoint Portal Server 2001 SP3 |
Discussion
It has been reported that SharePoint Portal Server may be affected by multiple unspecified cross-site scripting vulnerabilities that could allow an attacker to execute arbitrary HTML or script code in a victim user's browser. These issues allow for theft of cookie-based authentication credentials or other attacks.
Microsoft has released SharePoint Portal Server 2001 Service Pack 3 to address these issues. All prior versions of the server are assumed to be prone to these vulnerabilities. It is not known if later releases, such as Microsoft SharePoint Portal Server 2003, are affected by these issues.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
Microsoft has released SharePoint Portal Server 2001 Service Pack 3 to address these issues.
Microsoft SharePoint Portal Server 2001 SP1
- Microsoft SharePoint Portal Server 2001 Service Pack 3 (SP3): KB837017
  http://www.microsoft.com/downloads/details.aspx?FamilyId=15677A92-3470-465F-9F63-E621094103E0&displaylang=en
Microsoft SharePoint Portal Server 2001 SP2A
- Microsoft SharePoint Portal Server 2001 Service Pack 3 (SP3): KB837017
  http://www.microsoft.com/downloads/details.aspx?FamilyId=15677A92-3470-465F-9F63-E621094103E0&displaylang=en
Microsoft SharePoint Portal Server 2001
- Microsoft SharePoint Portal Server 2001 Service Pack 3 (SP3): KB837017
  http://www.microsoft.com/downloads/details.aspx?FamilyId=15677A92-3470-465F-9F63-E621094103E0&displaylang=en
Microsoft SharePoint Portal Server 2001 SP2
- Microsoft SharePoint Portal Server 2001 Service Pack 3 (SP3): KB837017
  http://www.microsoft.com/downloads/details.aspx?FamilyId=15677A92-3470-465F-9F63-E621094103E0&displaylang=en
References
References:
- Knowledge Base Article - 837017 (Microsoft)
- Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001 (Ory Segal)