MS15-089: Vulnerability in WebDAV Could Allow Information Disclosure (3076949)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by an information disclosure
vulnerability.

Description :

The remote Windows host is affected by an information disclosure
vulnerability in the Microsoft Web Distributed Authoring and
Versioning (WebDAV) client, which explicitly allows the use of
Secure Sockets Layer (SSL) 2.0. A remote attacker can exploit this to
force an encrypted SSL 2.0 session with a WebDAV server that has SSL
2.0 enabled, and then use a man-in-the-middle attack to decrypt
portions of the encrypted traffic, resulting in the disclosure of
sensitive information.

See also :

https://technet.microsoft.com/library/security/MS15-089

Solution :

Microsoft has released a set of patches for Windows Vista, 2008, 7,
2008 R2, 8, RT, 2012, 8.1, RT 8.1, and 2012 R2.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 85323

Bugtraq ID: 76234

CVE ID: CVE-2015-2476
