CVE-2009-3830: The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET…

CVE-2009-3830 [MEDIUM] CWE-20 GHSA-r5qq-f9fv-hh53: The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12 The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.

CVE-2009-3830 SharePoint 2007 - Team Services Source Code Disclosure SharePoint 2007 - Team Services Source Code Disclosure --- Summary Name: SharePoint Team Services source code disclosure through download facility Release Date: 21 October 2009 Reference: NGS00532 Discover: Daniel Martin Vendor: Microsoft Systems Affected: SharePoint 2007 (12.0.0.6219, 12.0.0.4518 and possibly others) Risk: Medium Status: Reported TimeLine Discovered: 17 September 2008 Released: 2 October 2008 Approved: 3 October 2008 Reported: 8 October 2008 Fixed: Published: 23 October 2009 Description Microsoft SharePoint is a browser-based collaboration and document management platform. It can be used to host web sites that access shared workspaces and documents, as well as specialized applications like wikis and blogs from a browser. It was found that the download facility of Mic