Signature Detail
Short Name |
HTTP:INFO-LEAK:SHAREPOINT-INFO |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Microsoft SharePoint Server Information Disclosure Vulnerability |
Release Date |
2011/09/12 |
Update Number |
1992 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft SharePoint Server Information Disclosure Vulnerability
This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint Server. A successful attack can result in the attacker gaining unauthorized information about the target system without the victim's knowledge.
Extended Description
Microsoft SharePoint is prone to a vulnerability that lets attackers access local files. An attacker can exploit this vulnerability to retrieve local files from a vulnerable computer in the context of the vulnerable service. Information obtained may aid in further attacks.
Affected Products
- Microsoft Groove 2007 SP2
- Microsoft Groove Server 2010 SP1
- Microsoft Groove Server 2010
- Microsoft Office Forms Server 2007 SP2
- Microsoft Office Groove Data Bridge Server 2007 SP2
- Microsoft Office Groove Management Server 2007 SP2
- Microsoft Office Web Apps 2010 SP1
- Microsoft Office Web Apps 2010
- Microsoft SharePoint Foundation 2010
- Microsoft SharePoint Server 2007 SP2
- Microsoft SharePoint Server 2007 x64 SP2
- Microsoft SharePoint Server 2010 SP1
- Microsoft SharePoint Server 2010 Enterprise Edition
- Microsoft SharePoint Server 2010 Standard Edition
- Microsoft SharePoint Services 3.0 SP2
- Microsoft SharePoint Services 64-bit 3.0 SP2
- Microsoft SharePoint Workspace 2010 SP1
- Microsoft SharePoint Workspace 2010
References
- BugTraq: 49511
- CVE: CVE-2011-1892