CVE-2015-2471

2015-08-1500:59:30

CWE-310

[email protected]

web.nvd.nist.gov

microsoft xml core services

ssl 2.0

information disclosure

vulnerability

cve-2015-2471

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.1%

JSON

Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka “MSXML Information Disclosure Vulnerability,” a different vulnerability than CVE-2015-2434.

Affected configurations

NVD

Node

microsoftxml_core_servicesMatch3.0

microsoftxml_core_servicesMatch5.0

microsoftxml_core_servicesMatch6.0

CPENameOperatorVersion
microsoft:xml_core_servicesmicrosoft xml core serviceseq3.0
microsoft:xml_core_servicesmicrosoft xml core serviceseq5.0
microsoft:xml_core_servicesmicrosoft xml core serviceseq6.0

CPE	Name	Operator	Version
microsoft:xml_core_services	microsoft xml core services	eq	3.0
microsoft:xml_core_services	microsoft xml core services	eq	5.0
microsoft:xml_core_services	microsoft xml core services	eq	6.0