CVE-2015-1672Microsoft NET Framework vulnerability

CWE-3104 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
16.2%
top 5.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedMay 13
Latest updateMay 14

Description

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/net_framework7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-7x8j-j3w7-357h: Microsoft2022-05-14
CVEList
CVE-2015-1672: Microsoft2015-05-13

💬Community

1
Bugzilla
CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2015-8981 CVE-2017-5855 CVE-2017-5886 podofo: Multiple security vulnerabilities2017-02-02
CVE-2015-1672 — Microsoft NET Framework vulnerability | cvebase