Hillstone Networks

RULE（RULE ID：322260）

Rule General Information


Release Date:		2019-07-04

Rule Name:		Microsoft Sharepoint 2007 Path Info XSS Vulnerability (CVE-2007-2581)

Severity:

CVE ID:

Rule Protection Details


Description:		Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.

Impact:		An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed.

Affected OS:		Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others

Reference:		SecurityFocusBID:23832 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059 http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html http://securityreason.com/securityalert/2682

Solutions

The vendors have released upgrade patches to fix vulnerabilities, please visit:
ttp://www.microsoft.com/technet/security/bulletin/ms07-059.mspx