Lucene search

[email protected]CVE-2009-3830

HistoryOct 30, 2009 - 8:30 p.m.

CVE-2009-3830

2009-10-3020:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2009-3830

team services

microsoft office sharepoint server 2007

security vulnerability

asp.net

remote attack

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.895 High

EPSS

Percentile

98.8%

JSON

The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.

Affected configurations

NVD

Node

microsoftsharepoint_serverMatch2007

CPENameOperatorVersion
microsoft:sharepoint_servermicrosoft sharepoint servereq2007

CPE	Name	Operator	Version
microsoft:sharepoint_server	microsoft sharepoint server	eq	2007

References

support.microsoft.com/kb/976829

www.securityfocus.com/archive/1/507419/100/0/threaded

www.securityfocus.com/bid/36817

exchange.xforce.ibmcloud.com/vulnerabilities/53955

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.895 High

EPSS

Percentile

98.8%

JSON

Related for CVE-2009-3830

prion1 nvd1 openvas2 cvelist1