Microsoft SharePoint download feature information disclosure
|sharepoint-download-info-disclosure (53955)||Low Risk|
Microsoft SharePoint could allow a remote attacker to obtain sensitive information, caused by improper validation of user-supplied input by the download.aspx script in the download functionality in Team Services. By sending a specially-crafted HTTP request, a remote attacker with Open Items or Add and Customize Pages permission could exploit this vulnerability using the SourceUrl or Source parameter to view the source code of arbitrary ASP.NET files from the backend database.
No remedy available as of May 1, 2013.
- BugTraq Mailing List, Mon Oct 26 2009: SharePoint 2007 ASP.NET Source Code Disclosure.
- Microsoft KB Article ID: 976829: Description of SharePoint Server 2007 ASPX page source code access.
- Microsoft Office SharePoint Server Web site: Microsoft Office SharePoint Server.
- BID-36817: Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure Vulnerability
- CVE-2009-3830: The download functionality in Team Services in Microsoft Office SharePoint Server 2007 22.214.171.12418 and 126.96.36.19919 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
- OSVDB ID: 59479: Microsoft Office SharePoint Server Team Services _layouts/download.aspx Multiple Parameter ASP.NET Source Disclosure
- Microsoft SharePoint Server 2007
Oct 26, 2009
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this