Preemptive Protection against Microsoft SharePoint Server Multiple Cross Site Scripting Vulnerabilities (MS11-074)
| Check Point Reference: | CPAI-2011-403 | |
| Date Published: | ||
| Preemptive Since: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS11-074 | |
| Industry Reference(s): | CVE-2011-1890 CVE-2011-0653 CVE-2011-1893 CVE-2011-1891 |
|
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? SharePoint Server 2010 | ||
| Vulnerability Description Multiple cross-site scripting vulnerabilities have been reported in Microsoft SharePoint Server. A remote attacker could exploit these vulnerabilities to execute a cross-site scripting attack that could allow him to issue commands in an affected SharePoint server. |
||
|
Update/Patch Available Apply patches from: Microsoft Security Bulletin MS11-074 |
|
|
Vulnerability Details The vulnerabilities are due to insufficient validation of user input by an affected SharePoint server. An attacker can exploit these vulnerabilities by convincing unsuspecting users to open a specially crafted website. Successful exploitation will allow an attacker to issue SharePoint commands in an affected server, in the security context of the logged in user. |
Protection Overview
This protection detects and blocks malicious requests made to the vulnerable SharePoint server.
Users are protected against this vulnerability if the Cross-Site Scripting protection (CPSA-2003-07) has been applied. For information on how to obtain the latest protections for your Security Gateway, go to SBP-2006-05, click on the Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Security Gateway R75 / R71 / R70
How Can I Protect My Network?
- In the IPS tab, click Protections, find the Cross-Site Scripting protection using the Search tool and double-click on the preferred profile to edit the protection's settings.
- Choose the protection's Action (Override IPS Policy with: Prevent/Detect), select Apply to selected web servers and click on Customize.
- Double-click on the SharePoint web-server.
- Check the Cross-Site Scripting option and click on Advanced.
- Set the protection level to High.
- Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Application Servers Protection Violation
Attack Information: Cross-Site Scripting