Sign-up

ID

VAR-201004-0168


CVE

CVE-2010-0817


TITLE

Microsoft SharePoint Server Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2010-001463

DESCRIPTION

Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter. Microsoft SharePoint Server is a server feature integration suite that provides comprehensive content management and enterprise search, accelerates shared business processes, and facilitates cross-border information sharing. The \"/_layouts/help.aspx\" script does not properly filter the input submitted by the user to the \"cid0\" variable. Successful exploitation of the vulnerability can steal COOKIE information such as for authentication, or obtain or modify sensitive data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks

Trust: 2.43

sources: NVD: CVE-2010-0817 // JVNDB: JVNDB-2010-001463 // CNVD: CNVD-2010-0744 // BID: 39776

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0744

AFFECTED PRODUCTS

vendor:microsoftmodel:sharepoint servicesscope:eqversion:3.0

Trust: 1.6

vendor:microsoftmodel:sharepoint serverscope:eqversion:2007

Trust: 1.6

vendor:microsoftmodel:sharepoint serverscope:eqversion:200712.0.0.6318

Trust: 0.9

vendor:microsoftmodel:sharepoint serverscope:eqversion:200712.0.0.6421

Trust: 0.9

vendor:microsoftmodel:sharepoint server sp1scope:eqversion:2007

Trust: 0.9

vendor:microsoftmodel:sharepoint server sp2scope:eqversion:2007

Trust: 0.9

vendor:microsoftmodel:sharepoint serverscope:eqversion:2007x640

Trust: 0.9

vendor:microsoftmodel:sharepoint server sp1scope:eqversion:2007x64

Trust: 0.9

vendor:microsoftmodel:sharepoint server sp2scope:eqversion:2007x64

Trust: 0.9

vendor:microsoftmodel:office sharepoint serverscope:eqversion:2007 (32 bit version )

Trust: 0.8

vendor:microsoftmodel:office sharepoint serverscope:eqversion:2007 (64 bit version )

Trust: 0.8

vendor:microsoftmodel:windows sharepoint servicesscope:eqversion:3.0 (32 bit version )

Trust: 0.8

vendor:microsoftmodel:windows sharepoint servicesscope:eqversion:3.0 (64 bit version )

Trust: 0.8

vendor:microsoftmodel:windows sharepoint servicesscope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:sharepoint services 64-bit sp2scope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:sharepoint services 64-bit sp1scope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:sharepoint services 64-bitscope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:sharepoint services sp2scope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:sharepoint services sp1scope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:sharepoint serverscope:eqversion:20070

Trust: 0.3

vendor:avayamodel:messaging application server mmscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:messaging application server mmscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:messaging application server mmscope:eqversion:2.0

Trust: 0.3

vendor:avayamodel:messaging application server mmscope:eqversion:1.1

Trust: 0.3

vendor:avayamodel:messaging application serverscope:eqversion:5

Trust: 0.3

vendor:avayamodel:messaging application serverscope:eqversion:4

Trust: 0.3

vendor:avayamodel:messaging application serverscope:eqversion:0

Trust: 0.3

vendor:avayamodel:meeting exchange webportalscope:eqversion:-6.0

Trust: 0.3

vendor:avayamodel:meeting exchange web conferencing serverscope:eqversion:-0

Trust: 0.3

vendor:avayamodel:meeting exchange streaming serverscope:eqversion:-0

Trust: 0.3

vendor:avayamodel:meeting exchange recording serverscope:eqversion:-0

Trust: 0.3

vendor:avayamodel:meeting exchange client registration serverscope:eqversion:-0

Trust: 0.3

sources: NVD: CVE-2010-0817 // CNNVD: CNNVD-201004-484 // JVNDB: JVNDB-2010-001463 // CNVD: CNVD-2010-0744 // BID: 39776

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2010-0817
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201004-484
value: MEDIUM

Trust: 0.6

NVD: CVE-2010-0817
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.8

sources: NVD: CVE-2010-0817 // CNNVD: CNNVD-201004-484 // JVNDB: JVNDB-2010-001463

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: NVD: CVE-2010-0817 // JVNDB: JVNDB-2010-001463

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201004-484

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201004-484

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2010-0817

PATCH
title:983438url:http://www.microsoft.com/technet/security/advisory/983438.mspx
Trust: 0.8
title:MS10-039url:http://www.microsoft.com/technet/security/bulletin/ms10-039.mspx
Trust: 0.8
title:983438url:http://www.microsoft.com/japan/technet/security/advisory/983438.mspx
Trust: 0.8
title:MS10-039url:http://www.microsoft.com/japan/technet/security/bulletin/ms10-039.mspx
Trust: 0.8
title:MS10-039eurl:http://www.microsoft.com/japan/security/bulletins/ms10-039e.mspx
Trust: 0.8
title:TA10-159Burl:http://software.fujitsu.com/jp/security/vulnerabilities/ta10-159b.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-001463

EXTERNAL IDS
db:NVDid:CVE-2010-0817
Trust: 2.7
db:USCERTid:TA10-159B
Trust: 1.8
db:BIDid:39776
Trust: 0.9
db:USCERTid:SA10-159B
Trust: 0.8
db:JVNDBid:JVNDB-2010-001463
Trust: 0.8
db:NSFOCUSid:14916
Trust: 0.6
db:BUGTRAQid:20100428 XSS IN MICROSOFT SHAREPOINT SERVER 2007
Trust: 0.6
db:CNNVDid:CNNVD-201004-484
Trust: 0.6
db:CNVDid:CNVD-2010-0744
Trust: 0.6
sources:
            
            
            NVD: CVE-2010-0817 // 
            
            
            
            CNNVD: CNNVD-201004-484 // 
            
            
            
            JVNDB: JVNDB-2010-001463 // 
            
            
            
            CNVD: CNVD-2010-0744 // 
            
            
            
            BID: 39776

REFERENCES
url:http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html
Trust: 2.5
url:http://www.us-cert.gov/cas/techalerts/ta10-159b.html
Trust: 1.8
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7468
Trust: 1.0
url:http://www.securityfocus.com/archive/1/511021/100/0/threaded
Trust: 1.0
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039
Trust: 1.0
url:http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0817
Trust: 0.8
url:http://www.jpcert.or.jp/at/2010/at100014.txt
Trust: 0.8
url:http://jvn.jp/cert/jvnta10-159b/index.html
Trust: 0.8
url:http://jvn.jp/tr/jvntr-2010-18/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0817
Trust: 0.8
url:http://www.us-cert.gov/cas/alerts/sa10-159b.html
Trust: 0.8
url:http://www.npa.go.jp/cyberpolice/#topics
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/511021/100/0/threaded
Trust: 0.6
url:http://www.nsfocus.net/vulndb/14916
Trust: 0.6
url:https://products.office.com/en-us/sharepoint/collaboration
Trust: 0.3
url:http://blogs.technet.com/msrc/archive/2010/04/29/security-advisory-983438-released.aspx
Trust: 0.3
url:/archive/1/511021
Trust: 0.3
url:http://support.avaya.com/css/p8/documents/100089744
Trust: 0.3
url:http://www.microsoft.com/technet/security/advisory/983438.mspx
Trust: 0.3
url:http://www.microsoft.com/technet/security/bulletin/ms10-039.mspx
Trust: 0.3
sources:
            
            
            NVD: CVE-2010-0817 // 
            
            
            
            CNNVD: CNNVD-201004-484 // 
            
            
            
            JVNDB: JVNDB-2010-001463 // 
            
            
            
            CNVD: CNVD-2010-0744 // 
            
            
            
            BID: 39776

CREDITS
High-Tech Bridge SA http://www.htbridge.ch/
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201004-484

SOURCES
db:NVDid:CVE-2010-0817
db:CNNVDid:CNNVD-201004-484
db:JVNDBid:JVNDB-2010-001463
db:CNVDid:CNVD-2010-0744
db:BIDid:39776

LAST UPDATE DATE
2021-12-17T21:22:07.102000+00:00

SOURCES UPDATE DATE
db:NVDid:CVE-2010-0817date:2018-10-12T21:57:00
db:CNNVDid:CNNVD-201004-484date:2010-04-30T00:00:00
db:JVNDBid:JVNDB-2010-001463date:2010-07-01T00:00:00
db:CNVDid:CNVD-2010-0744date:2010-04-30T00:00:00
db:BIDid:39776date:2010-06-10T19:09:00

SOURCES RELEASE DATE
db:NVDid:CVE-2010-0817date:2010-04-29T21:30:00
db:CNNVDid:CNNVD-201004-484date:2010-04-29T00:00:00
db:JVNDBid:JVNDB-2010-001463date:2010-05-26T00:00:00
db:CNVDid:CNVD-2010-0744date:2010-04-30T00:00:00
db:BIDid:39776date:2010-04-28T00:00:00