CVE-2015-2471 - Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote att

CVE-2015-2471

Summary

Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:5.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:5.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 12-10-2018 - 22:09)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

msbulletin via4

bulletin_id	MS15-084
bulletin_url
date	2015-08-11T00:00:00
impact	Information Disclosure
knowledgebase_id	3080129
knowledgebase_url
severity	Important
title	Vulnerabilities in XML Core Services Could Allow Information Disclosure

refmap via4

sectrack

1033241

Last major update

12-10-2018 - 22:09

Published

15-08-2015 - 00:59

Last modified

12-10-2018 - 22:09