
Cumulative Patch for Microsoft Content Management Server: Jan 22

Discussion in 'Windows XP' started by eddie5659, Jan 22, 2003.

Thread Status:
Not open for further replies.
  1. eddie5659

    Hiya

    Issue:
    ======
    Microsoft Content Management Server (MCMS) 2001 is an Enterprise
    Server product that simplifies developing and managing E-Commerce
    web sites. MCMS includes a number of pre-defined ASP web pages that
    allow web site operators to quickly set up E-business websites.

    A Cross-Site Scripting flaw exists in one of these ASP pages that
    could allow an attacker to insert script into the data being sent
    to an MCMS server. Because the server generates a web page in
    response to a user request made using this page, it is possible that
    the script could be embedded within the page that CMS generates and
    returns to the user; this script would then run when processed by
    the user's browser. This could result in an attacker being able to
    access information the user shared with the legitimate site.

    An attacker might attempt to exploit this flaw by crafting a
    malicious link to a valid site that the user intended to visit.
    If the attacker were able to get a user to click the link - most
    likely by sending the link in an email - then it could be possible
    for the attacker to take a variety of actions. The attacker could
    alter the data that appeared to be contained on the web pages
    presented by the legitimate site, monitor the user's session with
    the legitimate site and copy personal data from the legitimate site
    to a site under the attacker's control, or access the legitimate
    site's cookies.

    Mitigating Factors:
    ====================
    - This flaw is not present in Microsoft Content Management
    Server 2002.
    - The attacker would have no way to force users to visit
    the malicious site. Instead, the attacker would need to
    lure them there, typically by getting them to click on
    a link that would take them to the attacker's site.


    Maximum Severity Rating: Important

    Affected Software:

    Microsoft Content Management Server 2001


    Download locations for this patch

    Microsoft Content Management Server 2001:


    http://download.microsoft.com/download/5/9/3/5936344a-480c-4343-bcea-b3f6aa25fa23/mcms2001srp2.exe

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-002.asp

    Regards

    eddie
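
The reflection pattern the bulletin describes, shown beside the output-encoded form, with a check that can be run against either. This is an added example, not part of the original post and not MCMS code; the page template, the `q` parameter, the `cms.example` host and all function names are hypothetical.

```python
# Added illustration: hypothetical handler, not taken from MCMS.
import html
from urllib.parse import urlsplit, parse_qs, quote

# Constructed template: the request value lands in element content and
# in a quoted attribute, the two most common reflection contexts.
PAGE = ('<html><body><p>No results for: {term}</p>'
        '<input name="q" value="{term}"></body></html>')


def _query_value(url, name="q"):
    """Return the first value of a query-string parameter, or ''."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(url):
    """Write the request value into the response unchanged (the flaw)."""
    return PAGE.format(term=_query_value(url))


def render_encoded(url):
    """Same page, but HTML-encode the value, quotes included, on output."""
    return PAGE.format(term=html.escape(_query_value(url), quote=True))


def reflects_markup(render, probe='"><i id=probe>'):
    """Regression check: send a harmless markup probe through the handler
    and report whether it comes back unencoded in the response body."""
    url = "http://cms.example/search.asp?q=" + quote(probe)  # constructed URL
    return probe in render(url)


if __name__ == "__main__":
    for fn in (render_vulnerable, render_encoded):
        print(fn.__name__, "reflects raw markup:", reflects_markup(fn))
```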
     