Description

Microsoft SharePoint is a web application platform developed by Microsoft. Because of improper configuration an Anonymous user can enumerate the SharePoint user accounts by incrementing the ID parameter of userdisp.aspx.

Remediation

Restrict Anonymous Access to this page.

References

Fedon_Athcon_June11.pdf

SharePoint

Related Vulnerabilities

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.39)

WordPress Plugin Gallery-Flagallery Photo Portfolio SQL Injection and Information Disclosure Vulnerabilities (0.59)

WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6)

WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11)

WordPress Plugin Advanced Custom Fields PRO Information Disclosure (6.0.2)

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure