Vulnerability Description
Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Sharepoint Portal Server | 2003 |
| Microsoft | Sharepoint Team Services | All versions |
References
- http://www.kb.cert.org/vuls/id/340409PatchUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-039A.htmlPatchUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19091
- http://www.kb.cert.org/vuls/id/340409PatchUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-039A.htmlPatchUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19091
FAQ
What is CVE-2005-0049?
CVE-2005-0049 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web sc...
How severe is CVE-2005-0049?
CVE-2005-0049 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0049?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sharepoint Portal Server, Microsoft Sharepoint Team Services.