Check Point Advisories

Microsoft SharePoint POST Cross-site Scripting (MS13-067; CVE-2013-3180)

Vulnerability
Protection

Check Point Reference:	CPAI-2013-2907
Date Published:	10 Sep 2013
Severity:	High
Last Updated:	Monday 06 January, 2025
Source:	CVE-2013-3180
Protection Provided by:	Security Gateway R75 R71 R70
Who is Vulnerable?	Microsoft SharePoint Foundation 2010 Service Pack 1 Microsoft SharePoint Server 2010 Service Pack 1 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Microsoft SharePoint Server 2013
Vulnerability Description	An elevation of privilege exists in Microsoft SharePoint Server.
Update/Patch Avaliable	Apply patches from: MS13-067
Vulnerability Details	The vulnerability is caused when a SharePoint Server does not properly sanitize the content of a specially crafted POST request. An authenticated attacker could exploit this vulnerability by submitting a specially crafted POST request to a SharePoint server. An attacker who successfully exploited this vulnerability could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.

Protection Overview

This protection will detect and block malformed POST requests to the server.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.

Security Gateway R75 / R71 / R70

In the IPS tab, click Protections and find the Microsoft SharePoint POST Cross-site Scripting (MS13-067) protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

SmartView Tracker will log the following entries:
Attack Name: Web Server Enforcement Violation
Attack Information: Microsoft SharePoint POST Cross-site Scripting (MS13-067)