CVE-2008-4032 - OpenCVE

Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Office Sharepoint Server Search Server

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:office_sharepoint_server:2007::x32:::::
	cpe:2.3:a:microsoft:office_sharepoint_server:2007::x64:::::
	cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:::::*
	cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:::::*
	cpe:2.3:a:microsoft:search_server:2008::x32:::::
	cpe:2.3:a:microsoft:search_server:2008::x64:::::

No data.

References

Link	Providers
http://secunia.com/advisories/33063
http://www.securitytracker.com/id?1021367
http://www.us-cert.gov/cas/techalerts/TA08-344A.html
http://www.vupen.com/english/advisories/2008/3389
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2008-12-10T13:33:00

Updated: 2024-08-07T10:00:42.417Z

Reserved: 2008-09-10T00:00:00

Link: CVE-2008-4032

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-12-10T14:00:00.907

Modified: 2018-10-12T21:48:31.500

Link: CVE-2008-4032

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and \"create scripts that would run in the context of the site\" via requests to administrative URIs, aka \"Access Control Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "1021367", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021367"}, {"name": "ADV-2008-3389", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3389"}, {"name": "oval:org.mitre.oval:def:5774", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774"}, {"name": "33063", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33063"}, {"name": "TA08-344A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"name": "MS08-077", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2008-4032", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and \"create scripts that would run in the context of the site\" via requests to administrative URIs, aka \"Access Control Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1021367", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021367"}, {"name": "ADV-2008-3389", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3389"}, {"name": "oval:org.mitre.oval:def:5774", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774"}, {"name": "33063", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33063"}, {"name": "TA08-344A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"name": "MS08-077", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:00:42.417Z"}, "title": "CVE Program Container", "references": [{"name": "1021367", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021367"}, {"name": "ADV-2008-3389", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/3389"}, {"name": "oval:org.mitre.oval:def:5774", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774"}, {"name": "33063", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33063"}, {"name": "TA08-344A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"name": "MS08-077", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2008-4032", "datePublished": "2008-12-10T13:33:00", "dateReserved": "2008-09-10T00:00:00", "dateUpdated": "2024-08-07T10:00:42.417Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:*:x32:*:*:*:*:*", "matchCriteriaId": "27885107-A157-4BF0-A72C-2DEF0B24A723", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:*:x64:*:*:*:*:*", "matchCriteriaId": "9144DFDA-7A7A-452C-AE4C-1A45F56B0F37", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*", "matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*", "matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:search_server:2008:*:x32:*:*:*:*:*", "matchCriteriaId": "5BAED31C-1137-463E-A814-FFBFF3648ADF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:search_server:2008:*:x64:*:*:*:*:*", "matchCriteriaId": "DAD6B519-DD1E-4230-AF7C-0D6DE6EF4FF8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and \"create scripts that would run in the context of the site\" via requests to administrative URIs, aka \"Access Control Vulnerability.\""}, {"lang": "es", "value": "Microsoft Office SharePoint Server 2007 Gold y SP1 y Microsoft Search Server 2008 no realizan apropiadamente la autenticaci\u00f3n y autorizaci\u00f3n de funciones administrativas, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (server load), obtener informaci\u00f3n sensible y \"crear scripts que podr\u00edan ejecutarse en el contexto del sitio\" mediante peticiones a URIs de administraci\u00f3n, alias \"Vulnerabilidad de Control de Acceso\"."}], "id": "CVE-2008-4032", "lastModified": "2018-10-12T21:48:31.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-10T14:00:00.907", "references": [{"source": "secure@microsoft.com", "url": "http://secunia.com/advisories/33063"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1021367"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2008/3389"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}