Vulnerability Name:

CVE-2011-1892 (CCN-68837)

Assigned:2011-09-13
Published:2011-09-13
Updated:2018-10-12
Summary:Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
CVSS v3 Severity:2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
3.1 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
2.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2011-1892

Source: CCN
Type: SA46008
Microsoft SharePoint XML / XSL Processing File Disclosure Vulnerability

Source: SREASON
Type: UNKNOWN
8386

Source: CCN
Type: Microsoft Security Bulletin MS11-074
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

Source: CCN
Type: BID-49511
Microsoft SharePoint XML Handling Remote File Disclosure Vulnerability

Source: CERT
Type: US Government Resource
TA11-256A

Source: MS
Type: UNKNOWN
MS11-074

Source: XF
Type: UNKNOWN
ms-sharepoint-xml-file-disclosure(68837)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12907

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [09-20-2011]

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:forms_server:2007:sp2:x32:*:*:*:*:*
  • OR cpe:/a:microsoft:forms_server:2007:sp2:x64:*:*:*:*:*
  • OR cpe:/a:microsoft:groove:2007:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:groove_data_bridge_server:2007:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:groove_management_server:2007:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:groove_server:2010:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:groove_server:2010:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_workspace:2010:*:x32:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_workspace:2010:*:x64:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_workspace:2010:sp1:x32:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_workspace:2010:sp1:x64:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*
  • OR cpe:/a:microsoft:office_web_apps:*:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:groove_server:2010:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:groove:2007:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:groove_data_bridge_server:2007:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:groove_management_server:2007:sp2:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:12907
    V
    		SharePoint Remote File Disclosure Vulnerability
    2013-11-11
    BACK
    microsoft forms server 2007 sp2
    microsoft forms server 2007 sp2
    microsoft groove 2007 sp2
    microsoft groove data bridge server 2007 sp2
    microsoft groove management server 2007 sp2
    microsoft groove server 2010
    microsoft groove server 2010 sp1
    microsoft office web apps 2010
    microsoft office web apps 2010 sp1
    microsoft sharepoint foundation 2010
    microsoft sharepoint server 2007 sp2
    microsoft sharepoint server 2007 sp2
    microsoft sharepoint server 2010
    microsoft sharepoint server 2010 sp1
    microsoft sharepoint services 3.0 sp2
    microsoft sharepoint services 3.0 sp2
    microsoft sharepoint workspace 2010
    microsoft sharepoint workspace 2010
    microsoft sharepoint workspace 2010 sp1
    microsoft sharepoint workspace 2010 sp1
    microsoft sharepoint server 2007 sp2
    microsoft sharepoint server 2007 sp2
    microsoft sharepoint services 3.0 sp2
    microsoft sharepoint services 3.0 sp2
    microsoft office web apps *
    microsoft groove server 2010
    microsoft groove 2007 sp2
    microsoft sharepoint server 2010
    microsoft groove data bridge server 2007 sp2
    microsoft groove management server 2007 sp2