CVE-2015-2471
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434.
Vulnerabilidad en Microsoft XML Core Services 3.0, 5.0 y 6.0 admite SSL 2.0, lo que facilita a atacantes remotos romper los mecanismos de protección de cifrado husmeando la red y llevando a cabo un ataque de descifrado, también conocida como 'MSXML Information Disclosure Vulnerability', una vulnerabilidad diferente a CVE-2015-2434.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-03-19 CVE Reserved
- 2015-08-15 CVE Published
- 2024-04-21 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1033241 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-084 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 3.0 Search vendor "Microsoft" for product "Xml Core Services" and version "3.0" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 5.0 Search vendor "Microsoft" for product "Xml Core Services" and version "5.0" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 6.0 Search vendor "Microsoft" for product "Xml Core Services" and version "6.0" | - |
Affected
| ||||||