Vulnerability Details : CVE-2015-6096
The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."
Vulnerability category: XML external entity (XXE) injectionInformation leak
Threat overview for CVE-2015-6096
Top countries where our scanners detected CVE-2015-6096
Top open port discovered on systems with this issue
443
IPs affected by CVE-2015-6096 73,819
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2015-6096!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-6096
Probability of exploitation activity in the next 30 days: 55.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-6096
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2015-6096
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6096
-
http://www.securitytracker.com/id/1034116
Microsoft .NET Bugs Let Local Users Bypass ASLR and Remote Users Obtain Files and Conduct Cross-Site Scripting Attacks - SecurityTracker
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-118
Microsoft Security Bulletin MS15-118 - Important | Microsoft Docs
Products affected by CVE-2015-6096
- cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*