Microsoft SharePoint Service Help.aspx 'tid' Parameter DoS
Medium Nessus Plugin ID 47579
SynopsisAn application running on the remote web server has a denial of service vulnerability.
DescriptionThe version of Microsoft SharePoint Services running on the remote host has a denial of service vulnerability. Sending invalid data to the 'tid' parameter of 'help.aspx' can cause the application to hang.
A remote attacker could exploit this by sending malicious requests, causing SharePoint to hang temporarily, resulting in a denial of service. Repeatedly sending malicious requests can cause SharePoint's application pool to stop, which would require a manual restart of the application pool.
SolutionMicrosoft has released a set of patches for SharePoint Services.