Signature Detail

Short Name	HTTP:XSS:SHAREPOINT-XSS
Severity	Medium
Recommended	No
Category	HTTP
Keywords	Microsoft Windows Sharepoint Services Cross-Site-Scripting
Release Date	2005/02/07
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Windows Sharepoint Services Cross-Site-Scripting

This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint Services and Office. Attacker can attempt to use cross-site-scripting using GET/POST HTTP messages to locally or remotely attack a target.

Extended Description

A cross-site scripting and spoofing vulnerability affects Microsoft Windows SharePoint Services and SharePoint Team Services. A remote attacker may carry out a cross-site scripting attack to execute arbitrary HTML and script code in a user's browser. It is also possible to poison Web browser and intermediate proxy server caches by placing spoofed content in the caches.

Affected Products

Microsoft SharePoint Team Services from Microsoft
Microsoft Windows SharePoint Services Windows Server 2003 SP1
Microsoft Windows SharePoint Services Windows Server 2003

References

BugTraq: 12476
CVE: CVE-2005-0049
URL: http://www.kb.cert.org/vuls/id/340409
URL: http://www.microsoft.com/technet/security/bulletin/ms05-006.mspx

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Microsoft Windows Sharepoint Services Cross-Site-Scripting

Extended Description

Affected Products

References