
Preemptive Protection against Microsoft SharePoint Server Cross-Site Scripting Vulnerability (MS07-059)


Check Point Reference: CPAI-2007-119
Date Published:
Severity:
Last Updated:
Source: Microsoft Security Bulletin MS07-059
Industry Reference(s): CVE-2007-2581
Protection Provided by:
VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55
VSX
  • NGX
InterSpect
  • NGX
Connectra
  • NGX R62
  • NGX R61
Who is Vulnerable?
Microsoft Windows SharePoint Services 3.0
Microsoft Office SharePoint Server 2007
Vulnerability Description
A cross-site scripting (XSS) vulnerability exists in Microsoft Windows SharePoint Services and in Microsoft Office SharePoint Server. Windows SharePoint Services provides a platform for collaboration applications and document management. Office SharePoint Server is an integrated suite of server capabilities built on top of Windows SharePoint Services. Successful exploitation of this vulnerability could result in elevation of privilege within the SharePoint site.
Update/Patch Available
Apply patches:
Microsoft Security Bulletin MS07-059
Vulnerability Details
The vulnerability is due to insufficient validation of URL-encoded requests. A remote attacker may convince a user to click on a specially crafted link that contains script code. Successful exploitation of this issue may result in information disclosure, and may allow the attacker to run arbitrary code on the vulnerable system.
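
The kind of URL check this description calls for, as an added illustration (not Check Point's SmartDefense logic and not Microsoft's fix): percent-decode the request path and query until the text stops changing, then look for HTML tag syntax. The function names, the decode bound and the sample URLs are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

MAX_ROUNDS = 3  # assumed bound on nested percent-encoding to unwrap
# "<" followed by a tag-name start, "/", "!" or "?" (any HTML tag).
TAG_RE = re.compile(r"<[/!?A-Za-z]")

def fully_decode(value, rounds=MAX_ROUNDS):
    """Percent-decode until stable; returns (text, stable)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            return value, True
        value = decoded
    # Bound reached: report whether another round would still change it.
    return value, unquote_plus(value) == value

def inspect_url(url):
    """Return [(component, reason)] for the path and query of one URL."""
    parts = urlsplit(url)
    findings = []
    for name, raw in (("path", parts.path), ("query", parts.query)):
        text, stable = fully_decode(raw)
        if TAG_RE.search(text):
            findings.append((name, "html tag"))
        elif not stable:
            # Still encoded after the bound: treat as suspicious, not clean.
            findings.append((name, "excess encoding"))
    return findings

def naive_check(url):
    """Weak check for contrast: inspects the raw, still-encoded URL."""
    return bool(TAG_RE.search(url))

# Constructed sample requests (not the MS07-059 trigger).
SAMPLES = [
    "/sites/team/default.aspx?title=Q3%20report",
    "/sites/team/default.aspx?title=%3Cscript%3Ealert(1)%3C/script%3E",
    "/sites/team/default.aspx?title=%253Cb%253Ehi",
    "/sites/%3Cb%3E/default.aspx",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(naive_check(url), inspect_url(url), url)
```

The naive check passes every sample because it never sees a literal `<`; the decoding check flags the last three.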

Protection Overview
When this protection is enabled, SmartDefense detects and blocks cross-site scripting attacks. No update is required to address this vulnerability.

Users are protected against this vulnerability if the Protection against Cross Site Scripting addressed in CPSA-2005-03 has been applied.

To configure the defense, select your product from the list below and follow the related protection steps.

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > Application Layer > Cross-Site Scripting.
2. In the configuration pane, under Settings > Mode, check Active.
3. In the configuration pane, under Protection Scope, check Apply to all HTTP traffic.
4. Set the Security Level to High.
5. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL

VPN-1 NGX R61 & R60

How Can I Protect My Network?
1. In the Web Intelligence tree, expand Application Layer and select Cross Site Scripting.
2. In the configuration pane, under Protection Scope, select Apply to all HTTP traffic.
3. In the configuration pane, set the Security Level to High.
4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > Cross Site Scripting.
2. In the configuration pane, check Block All Tags for all defined web servers.
3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL

VPN-1 VSX NGX

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > Cross Site Scripting.
2. In the configuration pane, check Block All Tags for all defined web servers.
3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
2. In the Web Intelligence tree, expand Application Layer and select Cross Site Scripting.
3. In the configuration pane, set the Security Level to High.
4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL

Connectra NGX R62 & R61

How Can I Protect My Network?
1. In the left-hand menu, click Security > Web Intelligence.
2. Under Protection dealing with web applications using HTTP, select the following:

Cross Site Scripting

3. Set the Security Level to High.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
In case of an attack, the following log entries will be displayed:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL