Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:MS-SP-RFI-INFODISCLOSE

Severity

 Minor

Recommended

 Yes

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft SharePoint SPVirtualFile and WebPartPageWebService Information Disclosure

Release Date

 2020/01/17

Update Number

 3245

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Microsoft SharePoint SPVirtualFile and WebPartPageWebService Information Disclosure


This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint's SPVirtualFile and WebPartPageWebService classes . A successful attack can lead to sensitive information disclosure.

Extended Description

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'.

Affected Products

  • Microsoft sharepoint_enterprise_server 2016
  • Microsoft sharepoint_foundation 2010
  • Microsoft sharepoint_foundation 2013
  • Microsoft sharepoint_server 2019

References

  • CVE: CVE-2019-1443
  • URL: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out