Preemptive Protection against Microsoft SharePoint Cross-Site Scripting (XSS) Vulnerability
| Check Point Reference: | CPAI-2007-109 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS07-059 | |
| Industry Reference(s): | CVE-2007-2581 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Office SharePoint Server 2007 Microsoft Windows SharePoint Services 3.0 | ||
| Vulnerability Description A cross-site scripting (XSS) vulnerability exists in Microsoft Windows SharePoint. The Microsoft SharePoint products allow enterprises to organize their information in a single collaborative portal application. A remote attacker can exploit this vulnerability to run malicious scripts on an affected system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS07-059 |
|
|
Vulnerability Details The vulnerability is due to an input validation error in Microsoft SharePoint which fails to properly ensure that URL encoded requests do not contain script code. A remote attacker can exploit this issue by convincing a user to click on a maliciously crafted URL that contains a script code. Successful exploitation will run a script which may lead to arbitrary code execution on the affected system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block Cross-Site Scripting attacks. No update is required to address this vulnerability.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > Application Layer > Cross Site Scripting.
2. In the configuration pane, under Settings > Mode, check Active.
3. The protection can be applied either to all HTTP traffic or to selected web servers.
4. Change the security level to HIGH. If you choose to apply the protection to selected web servers:
I. Next to "Apply to selected web servers" click Customize.
II. Choose the relevant web server and click Edit.
III. Next to "Cross Site Scripting" click Advanced.
IV. Change the Security Level to HIGH and click OK.
5. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL
VPN-1 NGX R61 & R60
How Can I Protect My Network?
1. In the Web Intelligence tree, click Application Layer > Cross Site Scripting.
2. In the configuration pane, the protection can be applied either to all HTTP traffic or to selected web servers.
3. Change the security level to HIGH. If you choose to apply the protection to selected web servers:
I. Next to "Apply to selected web servers" click Customize.
II. Choose the relevant web server and click Edit.
III. Next to "Cross Site Scripting" click Advanced.
IV. Change the Security Level to HIGH and click OK.
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL
InterSpect NGX
How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
2. In the Web Intelligence tree, click Application Layer > Cross Site Scripting.
3. In the configuration pane change the Security Level to HIGH.
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL