Lucene search

[email protected]CVE-2015-2556

HistoryOct 14, 2015 - 1:59 a.m.

CVE-2015-2556

2015-10-1401:59:11

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-2556

infopath forms services

microsoft sharepoint server

dtd

xml

xxe

information disclosure vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

JSON

The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka “Microsoft SharePoint Information Disclosure Vulnerability.”

Affected configurations

NVD

Node

microsoftsharepoint_serverMatch2007sp3

microsoftsharepoint_serverMatch2010sp2

CPENameOperatorVersion
microsoft:sharepoint_servermicrosoft sharepoint servereq2007
microsoft:sharepoint_servermicrosoft sharepoint servereq2010

CPE	Name	Operator	Version
microsoft:sharepoint_server	microsoft sharepoint server	eq	2007
microsoft:sharepoint_server	microsoft sharepoint server	eq	2010

References

www.securitytracker.com/id/1033804

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

JSON

Related for CVE-2015-2556

prion1 cvelist1 symantec1 nvd1 openvas1 nessus1 kaspersky1