CVE-2013-0084

Published: Mar 13, 2013Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."

Affected (2)

Products: Microsoft: Sharepoint Foundation, Sharepoint Server

2 products

Sharepoint Foundation

Sharepoint Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Foundation	Version 2010 sp1
Microsoft Sharepoint Server	Version 2010 sp1

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (6)

http://www.us-cert.gov/ncas/alerts/TA13-071A

Source: secure@microsoft.com

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445

Source: secure@microsoft.com

http://www.us-cert.gov/ncas/alerts/TA13-071A

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.