CVE-2019-0670 - OpenCVE

A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Sharepoint Foundation Sharepoint Enterprise Server

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1::::::
	cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1::::::

References

Link	Resource
http://www.securityfocus.com/bid/106900	Third Party Advisory VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2019-03-06T00:00:00

Updated: 2019-03-06T10:57:01

Reserved: 2018-11-26T00:00:00

Link: CVE-2019-0670

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-03-05T23:29:02.410

Modified: 2019-03-06T21:23:03.777

Link: CVE-2019-0670

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "Microsoft SharePoint Foundation", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2013 Service Pack 1"}]}, {"product": "Microsoft SharePoint Enterprise Server", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2013 Service Pack 1"}]}], "datePublic": "2019-03-05T00:00:00", "descriptions": [{"lang": "en", "value": "A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'."}], "problemTypes": [{"descriptions": [{"description": "Spoofing", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-06T10:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "106900", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106900"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-0670", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft SharePoint Foundation", "version": {"version_data": [{"version_value": "2013 Service Pack 1"}]}}, {"product_name": "Microsoft SharePoint Enterprise Server", "version": {"version_data": [{"version_value": "2013 Service Pack 1"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Spoofing"}]}]}, "references": {"reference_data": [{"name": "106900", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106900"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-0670", "datePublished": "2019-03-06T00:00:00", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2019-03-06T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "A5D3A185-BE57-403E-914E-FDECEC3A477C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'."}, {"lang": "es", "value": "Existe una vulnerabilidad de suplantaci\u00f3n en Microsoft SharePoint cuando la aplicaci\u00f3n no analiza de manera correcta el contenido HTTP. Esto tambi\u00e9n se conoce como \"Microsoft SharePoint Spoofing Vulnerability\"."}], "id": "CVE-2019-0670", "lastModified": "2019-03-06T21:23:03.777", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-05T23:29:02.410", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106900"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}