CVE-2008-4032

Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/33063
http://www.securitytracker.com/id?1021367
http://www.us-cert.gov/cas/techalerts/TA08-344A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/3389
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774
http://secunia.com/advisories/33063
http://www.securitytracker.com/id?1021367
http://www.us-cert.gov/cas/techalerts/TA08-344A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/3389
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:office_sharepoint_server:2007::x32:::::
	cpe:2.3:a:microsoft:office_sharepoint_server:2007::x64:::::
	cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:::::*
	cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:::::*
	cpe:2.3:a:microsoft:search_server:2008::x32:::::
	cpe:2.3:a:microsoft:search_server:2008::x64:::::

History

21 Nov 2024, 00:50

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/33063 -~~	() http://secunia.com/advisories/33063 -
References	~~() http://www.securitytracker.com/id?1021367 -~~	() http://www.securitytracker.com/id?1021367 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA08-344A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA08-344A.html - US Government Resource
References	~~() http://www.vupen.com/english/advisories/2008/3389 -~~	() http://www.vupen.com/english/advisories/2008/3389 -
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774 -

Information

Published : 2008-12-10 14:00

Updated : 2025-04-09 00:30

NVD link : CVE-2008-4032

Mitre link : CVE-2008-4032

CVE.ORG link : CVE-2008-4032

JSON object : View

Products Affected

microsoft

search_server
office_sharepoint_server

CWE

CWE-287

Improper Authentication

{"id": "CVE-2008-4032", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-12-10T14:00:00.907", "references": [{"url": "http://secunia.com/advisories/33063", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1021367", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2008/3389", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/33063", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1021367", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/3389", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and \"create scripts that would run in the context of the site\" via requests to administrative URIs, aka \"Access Control Vulnerability.\""}, {"lang": "es", "value": "Microsoft Office SharePoint Server 2007 Gold y SP1 y Microsoft Search Server 2008 no realizan apropiadamente la autenticaci\u00f3n y autorizaci\u00f3n de funciones administrativas, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (server load), obtener informaci\u00f3n sensible y \"crear scripts que podr\u00edan ejecutarse en el contexto del sitio\" mediante peticiones a URIs de administraci\u00f3n, alias \"Vulnerabilidad de Control de Acceso\"."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:*:x32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27885107-A157-4BF0-A72C-2DEF0B24A723"}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9144DFDA-7A7A-452C-AE4C-1A45F56B0F37"}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2"}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E"}, {"criteria": "cpe:2.3:a:microsoft:search_server:2008:*:x32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BAED31C-1137-463E-A814-FFBFF3648ADF"}, {"criteria": "cpe:2.3:a:microsoft:search_server:2008:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAD6B519-DD1E-4230-AF7C-0D6DE6EF4FF8"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}

7.5 /10