| |
Vulnerability CVE-2016-3255
Published: 2016-07-12 Modified: 2016-07-13
| Description: |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." |
Type:
CWE-Other
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
http://www.securityfocus.com/bid/91601
http://www.securitytracker.com/id/1036291
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-091
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
