CVE-2010-0716 - OpenCVE

_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Sharepoint Server

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:sharepoint_server::sp2::::::*
	cpe:2.3:a:microsoft:sharepoint_server:2007:::::::*
	cpe:2.3:a:microsoft:sharepoint_server:2007:sp1::::::

References

Link	Resource
http://www.hacktics.com/content/advisories/AdvMS20100222.html	Exploit
http://www.securityfocus.com/archive/1/509683/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/56597

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-02-26T19:00:00

Updated: 2018-10-10T18:57:01

Reserved: 2010-02-26T00:00:00

Link: CVE-2010-0716

JSON object: View

NVD Information

Status : Modified

Published: 2010-02-26T19:30:00.807

Modified: 2018-10-10T19:53:27.857

Link: CVE-2010-0716

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-02-22T00:00:00", "descriptions": [{"lang": "en", "value": "_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "sharepoint-aspx-xss(56597)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56597"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hacktics.com/content/advisories/AdvMS20100222.html"}, {"name": "20100222 Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/509683/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0716", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "sharepoint-aspx-xss(56597)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56597"}, {"name": "http://www.hacktics.com/content/advisories/AdvMS20100222.html", "refsource": "MISC", "url": "http://www.hacktics.com/content/advisories/AdvMS20100222.html"}, {"name": "20100222 Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509683/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0716", "datePublished": "2010-02-26T19:00:00", "dateReserved": "2010-02-26T00:00:00", "dateUpdated": "2018-10-10T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "684DF2AD-1436-4976-8DF1-1B5D7162E8D9", "versionEndIncluding": "2007", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:*:*:*:*:*:*:*", "matchCriteriaId": "864B622E-B522-4791-AC82-0711130544BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "CF3C2971-447B-4054-86C6-3169B82E525B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed."}, {"lang": "es", "value": "_layouts/Upload.aspx en el modulo \"Documents\" en Microsoft SharePoint anteriores a 2010 usa URLs con el mismo nombre de servidor y n\u00famero de puerto para ficheros principales del sitio y los subidos por usuarios individuales (tambi\u00e9n conocidos como adjuntados), lo que permite a usuarios remotos autenticados fortalecer las relaciones del mismo origen y conducir ataques de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) subiendo ficheros TXT, relacionado con CVE-2008-5026. NOTA: el desarrollador ha disputado la importancia de este vulnerabilidad debido a que se puede aislar el dominio cruzado cuando se necesite."}], "id": "CVE-2010-0716", "lastModified": "2018-10-10T19:53:27.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-02-26T19:30:00.807", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.hacktics.com/content/advisories/AdvMS20100222.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/509683/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56597"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}