CVE-2008-4032

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."

Microsoft Office SharePoint Server 2007 Gold y SP1 y Microsoft Search Server 2008 no realizan apropiadamente la autenticación y autorización de funciones administrativas, lo que permite a atacantes remotos provocar una denegación de servicio (server load), obtener información sensible y "crear scripts que podrían ejecutarse en el contexto del sitio" mediante peticiones a URIs de administración, alias "Vulnerabilidad de Control de Acceso".

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-09-10 CVE Reserved
2008-12-10 CVE Published
2024-08-07 CVE Updated
2024-08-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (6)

URL	Tag	Source
http://secunia.com/advisories/33063	Third Party Advisory
http://www.securitytracker.com/id?1021367	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA08-344A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/3389	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077	2018-10-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Office Sharepoint Server Search vendor "Microsoft" for product "Office Sharepoint Server"				2007 Search vendor "Microsoft" for product "Office Sharepoint Server" and version "2007"		x32		Affected
Microsoft Search vendor "Microsoft"		Office Sharepoint Server Search vendor "Microsoft" for product "Office Sharepoint Server"				2007 Search vendor "Microsoft" for product "Office Sharepoint Server" and version "2007"		x64		Affected
Microsoft Search vendor "Microsoft"		Office Sharepoint Server Search vendor "Microsoft" for product "Office Sharepoint Server"				2007 Search vendor "Microsoft" for product "Office Sharepoint Server" and version "2007"		sp1, x32		Affected
Microsoft Search vendor "Microsoft"		Office Sharepoint Server Search vendor "Microsoft" for product "Office Sharepoint Server"				2007 Search vendor "Microsoft" for product "Office Sharepoint Server" and version "2007"		sp1, x64		Affected
Microsoft Search vendor "Microsoft"		Search Server Search vendor "Microsoft" for product "Search Server"				2008 Search vendor "Microsoft" for product "Search Server" and version "2008"		x32		Affected
Microsoft Search vendor "Microsoft"		Search Server Search vendor "Microsoft" for product "Search Server"				2008 Search vendor "Microsoft" for product "Search Server" and version "2008"		x64		Affected