CVE-2008-4032 - OpenCVE

Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Office Sharepoint Server Search Server

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:office_sharepoint_server:2007::x32:::::
	cpe:2.3:a:microsoft:office_sharepoint_server:2007::x64:::::
	cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:::::*
	cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:::::*
	cpe:2.3:a:microsoft:search_server:2008::x32:::::
	cpe:2.3:a:microsoft:search_server:2008::x64:::::

References

Link	Resource
http://secunia.com/advisories/33063
http://www.securitytracker.com/id?1021367
http://www.us-cert.gov/cas/techalerts/TA08-344A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/3389
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2008-12-10T13:33:00

Updated: 2018-10-12T19:57:01

Reserved: 2008-09-10T00:00:00

Link: CVE-2008-4032

JSON object: View

NVD Information

Status : Modified

Published: 2008-12-10T14:00:00.907

Modified: 2018-10-12T21:48:31.500

Link: CVE-2008-4032

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and \"create scripts that would run in the context of the site\" via requests to administrative URIs, aka \"Access Control Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "1021367", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021367"}, {"name": "ADV-2008-3389", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3389"}, {"name": "oval:org.mitre.oval:def:5774", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774"}, {"name": "33063", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33063"}, {"name": "TA08-344A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"name": "MS08-077", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2008-4032", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and \"create scripts that would run in the context of the site\" via requests to administrative URIs, aka \"Access Control Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1021367", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021367"}, {"name": "ADV-2008-3389", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3389"}, {"name": "oval:org.mitre.oval:def:5774", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774"}, {"name": "33063", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33063"}, {"name": "TA08-344A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"name": "MS08-077", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2008-4032", "datePublished": "2008-12-10T13:33:00", "dateReserved": "2008-09-10T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:*:x32:*:*:*:*:*", "matchCriteriaId": "27885107-A157-4BF0-A72C-2DEF0B24A723", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:*:x64:*:*:*:*:*", "matchCriteriaId": "9144DFDA-7A7A-452C-AE4C-1A45F56B0F37", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*", "matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*", "matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:search_server:2008:*:x32:*:*:*:*:*", "matchCriteriaId": "5BAED31C-1137-463E-A814-FFBFF3648ADF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:search_server:2008:*:x64:*:*:*:*:*", "matchCriteriaId": "DAD6B519-DD1E-4230-AF7C-0D6DE6EF4FF8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and \"create scripts that would run in the context of the site\" via requests to administrative URIs, aka \"Access Control Vulnerability.\""}, {"lang": "es", "value": "Microsoft Office SharePoint Server 2007 Gold y SP1 y Microsoft Search Server 2008 no realizan apropiadamente la autenticaci\u00f3n y autorizaci\u00f3n de funciones administrativas, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (server load), obtener informaci\u00f3n sensible y \"crear scripts que podr\u00edan ejecutarse en el contexto del sitio\" mediante peticiones a URIs de administraci\u00f3n, alias \"Vulnerabilidad de Control de Acceso\"."}], "id": "CVE-2008-4032", "lastModified": "2018-10-12T21:48:31.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-10T14:00:00.907", "references": [{"source": "secure@microsoft.com", "url": "http://secunia.com/advisories/33063"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1021367"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2008/3389"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}