CVE-2015-6096

medium

Description

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

References

http://www.securitytracker.com/id/1034116

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-118

Details

Source: MITRE

Published: 2015-11-11

Updated: 2018-10-12

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM