MS11-051: Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295) (uncredentialed check)

Medium Nessus Plugin ID 55134

Synopsis

The remote Active Directory Certificate Services Web Enrollment server is vulnerable to a cross-site scripting attack.

Description

Active Directory Certificate Services Web Enrollment is installed on the remote host.

The remote version of this software is vulnerable to a cross-site scripting vulnerability that could allow an attacker to inject a client-side script into the user's web browser instance.

Solution

Install patch MS11-051 from Microsoft.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-051

Plugin Details

Severity: Medium

ID: 55134

File Name: microsoft_certsrv_anon_ms11-051.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 2011/06/15

Updated: 2018/11/15

Dependencies: 10107, 55133

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: www/ms_cert_srv

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/06/14

Vulnerability Publication Date: 2011/06/14

Reference Information

CVE: CVE-2011-1264

BID: 48175

MSFT: MS11-052

IAVB: 2011-B-0068

MSKB: 2518295

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990