| Vulnerability Name: | CVE-2016-3255 (CCN-114585) | ||||||||||||
| Assigned: | 2016-07-12 | ||||||||||||
| Published: | 2016-07-12 | ||||||||||||
| Updated: | 2018-10-12 | ||||||||||||
| Summary: | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." CWE-611: Improper Restriction of XML External Entity Reference ('XXE') | ||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-200 CWE-Other | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-3255 Source: CCN Type: Microsoft Security Bulletin MS16-091 Security Update for .Net Framework (3170048) Source: CCN Type: Microsoft Security Bulletin MS16-155 Security Update for .NET Framework (3205640) Source: BID Type: UNKNOWN 91601 Source: CCN Type: BID-91601 Microsoft .NET Framework CVE-2016-3255 XML External Entity Information Disclosure Vulnerability Source: SECTRACK Type: UNKNOWN 1036291 Source: MS Type: UNKNOWN MS16-091 Source: XF Type: UNKNOWN ms-dotnet-cve20163255-info-disc(114585) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||