Security Update for Microsoft SharePoint Server 2010 (August 2017)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The Microsoft SharePoint Server installed on the remote Windows host
is missing security update 2956077. It is, therefore, affected by a
cross-site scripting (XSS) vulnerability that arises when SharePoint
Server does not properly sanitize a specially crafted web request. An
authenticated attacker could exploit the vulnerability by sending a
specially crafted request to an affected SharePoint server. An attacker
who successfully exploited the vulnerability could then perform
cross-site scripting attacks on affected systems and run script in the
security context of the current user. These attacks could allow the
attacker to read content that the attacker is not authorized to read,
use the victim's identity to take actions on the SharePoint site on
behalf of the user (such as changing permissions and deleting content),
and inject malicious content in the browser of the user.

See also :

http://www.nessus.org/u?79cb8f9d

Solution :

Microsoft has released a patch for SharePoint Server 2010.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N)
CVSS Temporal Score : 3.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 102272

Bugtraq ID: 100064

CVE ID: CVE-2017-8654
