CVE-2015-1648

2015-04-1420:59:00

CWE-19

[email protected]

web.nvd.nist.gov

asp.net

microsoft .net framework

information disclosure

cve-2015-1648

nvd

5.8 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.941 High

EPSS

Percentile

99.1%

JSON

ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka “ASP.NET Information Disclosure Vulnerability.”

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq4.0
microsoft:.net_frameworkmicrosoft .net frameworkeq1.1
microsoft:.net_frameworkmicrosoft .net frameworkeq4.5.1
microsoft:.net_frameworkmicrosoft .net frameworkeq4.5.2
microsoft:.net_frameworkmicrosoft .net frameworkeq2.0
microsoft:.net_frameworkmicrosoft .net frameworkeq4.5
microsoft:.net_frameworkmicrosoft .net frameworkeq3.5
microsoft:.net_frameworkmicrosoft .net frameworkeq3.5.1

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	4.0
microsoft:.net_framework	microsoft .net framework	eq	1.1
microsoft:.net_framework	microsoft .net framework	eq	4.5.1
microsoft:.net_framework	microsoft .net framework	eq	4.5.2
microsoft:.net_framework	microsoft .net framework	eq	2.0
microsoft:.net_framework	microsoft .net framework	eq	4.5
microsoft:.net_framework	microsoft .net framework	eq	3.5
microsoft:.net_framework	microsoft .net framework	eq	3.5.1