Microsoft SharePoint Service Help.aspx 'tid' Parameter DoS

Severity: Medium, Nessus Plugin ID: 47579

Synopsis

An application running on the remote web server has a denial of
service vulnerability.

Description

The version of Microsoft SharePoint Services running on the remote
host has a denial of service vulnerability. Sending invalid data to
the 'tid' parameter of 'help.aspx' can cause the application to hang.

A remote attacker could exploit this by sending malicious requests,
causing SharePoint to hang temporarily, resulting in a denial of
service. Repeatedly sending malicious requests can cause SharePoint's
application pool to stop, which would require a manual restart of the
application pool.

Solution

Microsoft has released a set of patches for SharePoint Services.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2010/ms10-039

Plugin Details

Severity: Medium

ID: 47579

File Name: sharepoint_help_dos.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 2010/07/01

Modified: 2018/11/15

Dependencies: 38157, 10107

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No exploit is required

Patch Publication Date: 2010/06/08

Vulnerability Publication Date: 2010/06/08

Reference Information

CVE: CVE-2010-1264

BID: 40559

IAVA: 2010-A-0079

MSFT: MS10-039

Secunia: 39603

MSKB: 2328360, 2344911, 2344993, 2345000, 2345009, 2345043, 2346411