Vulnerability Name: CVE-2015-1648 (CCN-101935) Assigned: 2015-04-14 Published: 2015-04-14 Updated: 2018-10-12 Summary: ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability." CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N )1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N )3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-19 Vulnerability Consequences: Obtain Information References: Source: MITRE Type: CNACVE-2015-1648 Source: CCN Type: Microsoft Security Bulletin MS15-041Vulnerability in .NET Framework Could Allow Information Disclosure (3048010) Source: CCN Type: BID-74010Microsoft .NET Framework CVE-2015-1648 Information Disclosure Vulnerability Source: SECTRACK Type: UNKNOWN1032116 Source: MS Type: UNKNOWNMS15-041 Source: XF Type: UNKNOWNms-dotnet-cve20151648-info-disc(101935) Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.0:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.0:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:28116 V ASP.NET information disclosure vulnerability - CVE-2015-1648 (MS15-041) 2015-12-22
BACK
microsoft .net framework 1.1 sp1
microsoft .net framework 2.0 sp2
microsoft .net framework 3.5
microsoft .net framework 3.5.1
microsoft .net framework 4.0
microsoft .net framework 4.5
microsoft .net framework 4.5.1
microsoft .net framework 4.5.2
microsoft .net framework 1.1 sp1
microsoft .net framework 2.0 sp2
microsoft .net framework 3.5
microsoft .net framework 3.5.1
microsoft .net framework 4.0
microsoft .net framework 4.5
microsoft .net framework 4.5.1
microsoft .net framework 4.5.2