ID de Prueba:	1.3.6.1.4.1.25623.1.0.800968
Categoría:	Web application abuses
Título:	Microsoft SharePoint Team Services Information Disclosure Vulnerability
Resumen:	Microsoft SharePoint Server is prone to an information disclosure vulnerability.
Descripción:	Summary: Microsoft SharePoint Server is prone to an information disclosure vulnerability. Vulnerability Insight: This flaw is due to insufficient validation of user supplied data passed into 'SourceUrl' and 'Source' parameters in the download.aspx in SharePoint Team Services. Vulnerability Impact: Attackers can exploit this issue via specially-crafted HTTP requests to obtain the source code of arbitrary ASP.NET files from the backend database. Affected Software/OS: Microsoft Office SharePoint Server 2007 12.0.0.6219 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3830 BugTraq ID: 36817 http://www.securityfocus.com/bid/36817 Bugtraq: 20091026 SharePoint 2007 ASP.NET Source Code Disclosure (Google Search) http://www.securityfocus.com/archive/1/507419/100/0/threaded Microsoft Knowledge Base article: 976829 http://support.microsoft.com/kb/976829 XForce ISS Database: sharepoint-download-info-disclosure(53955) https://exchange.xforce.ibmcloud.com/vulnerabilities/53955
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.