This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2008-12-10
Product Search Server Last view 2008-12-10
Version 2008 Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:search_server:2008:*:x32:*:*:*:*:* 1
cpe:2.3:a:microsoft:search_server:2008:*:x64:*:*:*:*:* 1

Related : CVE

  Date Alert Description
7.5 2008-12-10 CVE-2008-4032

Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-287 Improper Authentication

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:5774 Access Control Vulnerability

Open Source Vulnerability Database (OSVDB)

id Description
50585 Microsoft Office SharePoint Server Administrative URL Security Bypass

OpenVAS Exploits

id Description
2008-12-12 Name : Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of ...
File : nvt/secpod_ms08-077.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2008-B-0082 Microsoft Office SharePoint Server and Microsoft Search Server Remote Privile...
Severity: Category I - VMSKEY: V0017911

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Office SharePoint Server elevation of privilege exploit attempt
RuleID : 15108 - Type : SERVER-WEBAPP - Revision : 13

Nessus® Vulnerability Scanner

id Description
2008-12-10 Name: A user can elevate his privileges through SharePoint.
File: smb_nt_ms08-077.nasl - Type: ACT_GATHER_INFO