Signature Detail
Short Name |
HTTP:XSS:MS-SHAREPOINT-PARAM |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft SharePoint Server Parameter Injection Cross-Site Scripting |
Release Date |
2013/11/26 |
Update Number |
2322 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft SharePoint Server Parameter Injection Cross-Site Scripting
This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint. Attackers can potentially inject javascript allowing the attacker to issue commands in the context of the SharePoint server.
Extended Description
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."
Affected Products
- microsoft office_web_apps 2010
- microsoft sharepoint_server 2007 (sp3)
- microsoft sharepoint_server 2010 (sp1)
- microsoft sharepoint_server 2010 (sp2)
- microsoft sharepoint_server 2013
References
- BugTraq: 62800
- CVE: CVE-2013-3895