This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Namecpe:/a:microsoft:sharepoint_server:2007
Detail
VendorMicrosoftFirst view 2007-05-09
ProductSharepoint ServerLast view2010-04-29
Version2007TypeApplication
Edition 
Language 
Update 
 
CPE Productcpe:/a:microsoft:sharepoint_server

Activity : Overall

Related : CVE

 DateAlertAccess VectorAccess ComplexityAuthentication
4.32010-04-29CVE-2010-0817NetworkMediumNone Requ...
3.52010-02-26CVE-2010-0716NetworkMediumRequires ...
52009-10-30CVE-2009-3830NetworkLowNone Requ...
4.32008-11-12CVE-2008-4033NetworkMediumNone Requ...
4.32007-05-09CVE-2007-2581NetworkMediumNone Requ...

CWE : Common Weakness Enumeration

%idName
60% (3)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
20% (1)CWE-200Information Exposure
20% (1)CWE-20Improper Input Validation

Oval Markup Language : Definitions

OvalIDName
oval:org.mitre.oval:def:2286SharePoint Privilege Elevation Vulnerability
oval:org.mitre.oval:def:7468Help.aspx XSS Vulnerability
oval:org.mitre.oval:def:5847MSXML Header Request Vulnerability

Open Source Vulnerability Database (OSVDB)

idDescription
64170Microsoft SharePoint Server _layouts/help.aspx cid0 Parameter XSS
59479Microsoft Office SharePoint Server Team Services _layouts/download.aspx Multi...
50279Microsoft XML Core Services HTTP Request Header Field Cross-domain Session St...
50138Microsoft SharePoint Host Name / Port Number Persistence HTML Document Same-o...
37630Microsoft SharePoint PATH_INFO (query string) XSS

OpenVAS Exploits

idDescription
2011-09-14Name : Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vu...
File : nvt/gb_sharepoint_39776.nasl
2010-05-04Name : Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
File : nvt/secpod_ms_sharepoint_layouts_xss_vuln.nasl
2010-03-05Name : Microsoft SharePoint Cross Site Scripting Vulnerability
File : nvt/gb_ms_sharepoint_xss_vuln.nasl
2009-11-05Name : Microsoft SharePoint Team Services Information Disclosure Vulnerability
File : nvt/gb_ms_sharepoint_info_disc_vuln.nasl
2008-11-12Name : Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
File : nvt/secpod_ms08-069_900058.nasl

Information Assurance Vulnerability Management (IAVM)

idDescription
2010-A-0079Multiple Vulnerabilities in Microsoft Office SharePoint
Severity : Category II - VMSKEY : V0024377
2008-A-0084Multiple Vulnerabilities in Microsoft XML Core Services
Severity : Category II - VMSKEY : V0017877
2007-B-0031Windows SharePoint Services and Office SharePoint Server Remote Privilege Esc...
Severity : Category II - VMSKEY : V0015306

Snort® IPS/IDS

DateDescription
2014-01-10Microsoft XML core services cross-domain information disclosure attempt
RuleID : 19818 - Type : OS-WINDOWS - Revision : 9
2014-01-10Microsoft Office SharePoint XSS attempt
RuleID : 16560 - Type : SERVER-WEBAPP - Revision : 17
2015-05-28Microsoft XML core services cross-domain information disclosure attempt
RuleID : 15011 - Type : WEB-CLIENT - Revision : 7
2014-01-10Microsoft Office SharePoint cross site scripting attempt
RuleID : 12629 - Type : SERVER-WEBAPP - Revision : 19

Nessus® Vulnerability Scanner

idDescription
2010-07-01Name : An application running on the remote web server has a cross-site scripting vu...
File : sharepoint_help_xss.nasl - Type : ACT_ATTACK
2010-06-09Name : The remote host has multiple vulnerabilities.
File : smb_nt_ms10-039.nasl - Type : ACT_GATHER_INFO
2008-11-12Name : Arbitrary code can be executed on the remote host through the web or email cl...
File : smb_nt_ms08-069.nasl - Type : ACT_GATHER_INFO
2007-10-09Name : A user can elevate his privileges through SharePoint.
File : smb_nt_ms07-059.nasl - Type : ACT_GATHER_INFO