CVE-2008-4032

Microsoft Office Sharepoint Server - Authentication Bypass

Title source: rule

Description

Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."

References (6)

[Third Party Advisory] http://secunia.com/advisories/33063

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA08-344A.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1021367

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/3389

Scores

EPSS 0.5943

EPSS Percentile 98.2%

Classification

CWE

CWE-287

Status draft

Affected Products (6)

microsoft/office_sharepoint_server

microsoft/office_sharepoint_server

microsoft/office_sharepoint_server

microsoft/office_sharepoint_server

microsoft/search_server

microsoft/search_server

Timeline

Published Dec 10, 2008

Tracked Since Feb 18, 2026