Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2015-6096
HistoryNov 11, 2015 - 12:59 p.m.

CVE-2015-6096

2015-11-1112:59:35
CWE-200
[email protected]
web.nvd.nist.gov
92
cve-2015-6096
microsoft
.net framework
xml dtd
parser
remote attackers
arbitrary files
external entity
xxe
information disclosure
vulnerability
nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.53 Medium

EPSS

Percentile

97.6%

JSON

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka “.NET Information Disclosure Vulnerability.”

Affected configurations

NVD
Node
microsoft.net_frameworkMatch2.0sp2
OR
microsoft.net_frameworkMatch3.5
OR
microsoft.net_frameworkMatch3.5.1
OR
microsoft.net_frameworkMatch4.0
OR
microsoft.net_frameworkMatch4.5
OR
microsoft.net_frameworkMatch4.5.1
OR
microsoft.net_frameworkMatch4.5.2
OR
microsoft.net_frameworkMatch4.6

Related

prion 1
cvelist 1
nvd 1
symantec 1
checkpoint_advisories 1
ics 1
mskb 1
kaspersky 1
nessus 1
openvas 1
prion
prion
Information disclosure
2015-11-11 12:59:00
cvelist
cvelist
CVE-2015-6096
2015-11-11 11:00:00
nvd
nvd
CVE-2015-6096
2015-11-11 12:59:35
symantec
symantec
Microsoft .NET Framework CVE-2015-6096 XML Handling Information Disclosure Vulnerability
2015-11-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft .NET Information Disclosure (MS15-118: CVE-2015-6096)
2015-11-10 00:00:00
ics
ics
OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5
2021-05-13 12:00:00
mskb
mskb
MS15-118: Security update for the .NET Framework to address elevation of privilege: November 10, 2015
2015-11-10 00:00:00
kaspersky
kaspersky
KLA10695 Multiple vulnerabilities in Microsoft .NET Framework
2015-11-10 00:00:00
nessus
nessus
MS15-118: Security Update for .NET Framework to Address Elevation of Privilege (3104507)
2015-11-10 00:00:00
openvas
openvas
Microsoft .NET Framework Privilege Elevation Vulnerabilities (3104507)
2015-11-11 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.53 Medium

EPSS

Percentile

97.6%

JSON
Related for CVE-2015-6096
prion1cvelist1nvd1symantec1checkpoint_advisories1ics1mskb1kaspersky1nessus1openvas1