CVE-2015-1648Sensitive Information Exposure in Microsoft NET Framework

CWE-193 documents3 sources
Severity
2.6LOWNVD
EPSS
34.8%
top 2.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedApr 14
Latest updateMay 14

Description

ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/net_framework8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-6mhp-89p5-m5gh: ASP2022-05-14
CVEList
CVE-2015-1648: ASP2015-04-14
CVE-2015-1648 — Sensitive Information Exposure | cvebase