CVE-2015-2556

2015-10-1401:59:11

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.012

Percentile

85.4%

JSON

The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka “Microsoft SharePoint Information Disclosure Vulnerability.”

Affected configurations

Nvd

Node

microsoftsharepoint_serverMatch2007sp3

microsoftsharepoint_serverMatch2010sp2

VendorProductVersionCPE
microsoftsharepoint_server2007cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*
microsoftsharepoint_server2010cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	sharepoint_server	2007	cpe:2.3:a:microsoft:sharepoint_server:2007:sp3::::::
microsoft	sharepoint_server	2010	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::