PT-2009-6055 · Microsoft · Office Sharepoint Server 2007

Published: 2009-10-30 · Updated: 2018-10-10 · CVE-2009-3830

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Office SharePoint Server 2007 versions 12.0.0.4518 through 12.0.0.6219

Description

The issue allows remote attackers to read ASP.NET source code. This is achieved by manipulating pathnames in the SourceUrl and Source parameters to the "/_layouts/download.aspx" API endpoint.

Recommendations

For Microsoft Office SharePoint Server 2007 versions 12.0.0.4518 through 12.0.0.6219, consider restricting access to the _layouts/download.aspx API endpoint until a fix is available. As a temporary workaround, avoid using the SourceUrl and Source parameters in the affected API endpoint.

Weakness Enumeration

Related Identifiers

CVE-2009-3830

Affected Products

Office Sharepoint Server 2007