CVE-2015-2419
published 2015-07-14CVE-2015-2419: JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a…
PriorityP189high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITWEXPLOITRansomware
CISA Known Exploited Vulnerabilitydue 2022-04-18
Exploited in the wild
EPSS
44.54%
98.6th percentile
JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2015-2419 (JScript9 Memory Corruption) was integrated into Angler Exploit Kit by August 2015; detect Angler EK traffic patterns targeting Internet Explorer 10/11 to identify exploitation attempts. ↗
- →CVE-2015-2419 was among the top vulnerabilities leveraged by exploit kits in 2015; prioritize detection of drive-by download activity targeting IE 10/11 via malvertising or compromised web pages. ↗
- →POC exploit code for CVE-2015-2419 was observed for sale on criminal forums as late as May 2016, indicating continued adversary interest; monitor for exploit kit traffic from unpatched IE 10/11 hosts. ↗
- →Angler EK uses a fileless infection technique executing payload from memory; post-infection follow-up malware (e.g., CryptXXX, Bedep) must be stored on disk for persistence — monitor for unexpected child processes of iexplore.exe and in-memory execution anomalies. ↗
- ·No specific hashes, domains, IPs, or YARA/Sigma/Snort rules for CVE-2015-2419 were present in the source documents; all IOC fields are empty as a result. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck8.8HIGH
cisa8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Internet Explorer 10/11 JScript 9 memory corruption (MS15-065 / EDB-44743)
vuldb·2026-04-22·CVSS 8.8
CVE-2015-2419 [HIGH] Microsoft Internet Explorer 10/11 JScript 9 memory corruption (MS15-065 / EDB-44743)
A vulnerability marked as critical has been reported in Microsoft Internet Explorer 10/11. Affected is an unknown function of the component JScript 9. The manipulation leads to memory corruption.
This vulnerability is listed as CVE-2015-2419. The attack may be initiated remotely. In addition, an exploit is available.
Applying a patch is the recommended action to fix this issue.
GHSA
GHSA-pv3m-j6rc-qgg4: JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)
ghsa_unreviewed·2022-05-14
CVE-2015-2419 [HIGH] CWE-119 GHSA-pv3m-j6rc-qgg4: JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)
JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
VulnCheck
Microsoft Internet Explorer Memory Corruption Vulnerability
vulncheck·2015·CVSS 8.8
CVE-2015-2419 [HIGH] CWE-119 Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer Memory Corruption Vulnerability
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Affected: Microsoft Internet Explorer
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://resources.infosecinstitute.com/topic/the-hacking-team-hack-when-hackers-have-become-the-target/; https://www.mcafee.com/blogs/other-blogs/mcafee-labs/teslacrypt-arrives-via-neutrino-exploit-kit/; https://www.oreilly.com/content/threat-intelligence-and-ransomware/; https://blog.malwarebytes.com/cybercrime/2017/08/rig-exploit-kit-distributes-princess-ransomware/; https://www2.fireeye.com/rs/848-DID-242/images/r
CISA
Microsoft Internet Explorer Memory Corruption Vulnerability
cisa·2022-03-28·CVSS 8.8
CVE-2015-2419 [HIGH] CWE-119 Microsoft Internet Explorer Memory Corruption Vulnerability
Vulnerability: Microsoft Internet Explorer Memory Corruption Vulnerability
Affected: Microsoft Internet Explorer
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-2419
Remediation Due Date: 2022-04-18
Suricata
ET EXPLOIT_KIT Terror EK CVE-2015-2419 Exploit
suricata·2017-04-04·CVSS 8.8
CVE-2016-0189 [HIGH] ET EXPLOIT_KIT Terror EK CVE-2015-2419 Exploit
ET EXPLOIT_KIT Terror EK CVE-2015-2419 Exploit
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Terror EK CVE-2015-2419 Exploit"; flow:established,to_client; file.data; content:"EB125831C966B9"; nocase; content:"05498034088485C975F7FFE0E8E9FFFFFFD10D61074028D7D5D3B544E0"; distance:2; within:58; nocase; reference:cve,2016-0189; classtype:exploit-kit; sid:2024170; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2017_04_04, cve CVE_2016_0189, deployment Perimeter, malware_family Exploit_Kit_Terror, performance_impact Low, confidence High, signature_severity Major, tag Exploit_Kit_Terror, tag CISA_KEV, updated_at 2024_03_14;)
Suricata
ET EXPLOIT CVE-2015-2419 As observed in Magnitude EK
suricata·2016-09-21·CVSS 8.8
CVE-2015-2419 [HIGH] ET EXPLOIT CVE-2015-2419 As observed in Magnitude EK
ET EXPLOIT CVE-2015-2419 As observed in Magnitude EK
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT CVE-2015-2419 As observed in Magnitude EK"; flow:established,to_client; file.data; content:"|5b 30 78 35 33 2c 20 30 78 35 35 2c 20 30 78 35 36 2c 20 30 78 65 38 2c 20 30 78 30 39 2c 20 30 78 30 30 2c 20 30 78 30 30 2c 20 30 78 30 30 2c 20 30 78 35 65 2c 20 30 78 35 64 2c 20 30 78 35 62 2c 20 30 78 38 62 2c 20 30 78 36 33 2c 20 30 78 30 63 2c 20 30 78 63 32 2c 20 30 78 30 63 2c 20 30 78 30 30 2c 20 30 78 39 30 5d|"; nocase; content:"|30 78 31 32 38 65 30 30 32 30|"; nocase; content:"|4a 53 4f 4e|"; nocase; content:"|73 74 72 69 6e 67 69 66 79|"; nocase; classtype:exploit-kit; sid:2023253; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affect
Tenable
How VPR Helped Prioritize the Most Dangerous CVEs in 2019
blogs_tenable·2020-04-30
How VPR Helped Prioritize the Most Dangerous CVEs in 2019
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Trendmicro
Capesand verwendet öffentliche Exploits und Tools
blogs_trendmicro·2019-11-07
Capesand verwendet öffentliche Exploits und Tools
Ausnutzung von Schwachstellen
## Capesand verwendet öffentliche Exploits und Tools
Die Sicherheitsforscher von Trend Micro haben kürzlich ein neues Exploit Kit namens Capesand entdeckt, das auf neuere Sicherheitslücken in Adobe Flash und Microsoft Internet Explorer (IE) zielt.
By: Elliot Cao, Joseph C Chen, William Gamazo Sanchez Nov 07, 2019 Read time: ( words)
Save to Folio
Originalbeitrag von Elliot Cao, Joseph C. Chen, William Gamazo Sanchez
Die Sicherheitsforscher von Trend Micro haben kürzlich ein neues Exploit Kit namens Capesand entdeckt. Das Exploit Kit zielt auf neuere Sicherheitslücken in Adobe Flash und Microsoft Internet Explorer (IE). Die Recherche offenbarte auch den Missbrauch einer Sicherheitslücke für IE von 2015. Die kriminellen Hintermänner entwickeln das Kit stän
Trendmicro
New Capesand Exploit Kit Reuses Public Exploits, Tools
blogs_trendmicro·2019-11-05
New Capesand Exploit Kit Reuses Public Exploits, Tools
Malware
# New Capesand Exploit Kit Reuses Public Exploits, Tools
We found exploit kit Capesand abusing recently disclosed gaps in Adobe Flash and Internet Explorer (IE). Further investigation showed it also exploits a 2015 flaw in IE, appearing to reuse source code from a publicly shared exploit kit code.
By: Elliot Cao, Joseph C Chen, William Gamazo Sanchez
2019/11/05
Read time: ( words)
Save to Folio
Updated as of 7:00 PM Eastern Standard Time to remove one included image.
We discovered a new exploit kit named Capesand in October 2019. Capesand attempts to exploit recent vulnerabilities in Adobe Flash and Microsoft Internet Explorer (IE). Based on our investigation, it also exploits a 2015 vulnerability for IE. It seems the cybercriminals behind the exploit kit are continuously de
Trendmicro
New Capesand Exploit Kit Reuses Public Exploits, Tools
blogs_trendmicro·2019-11-05
New Capesand Exploit Kit Reuses Public Exploits, Tools
Malware
# New Capesand Exploit Kit Reuses Public Exploits, Tools
We found exploit kit Capesand abusing recently disclosed gaps in Adobe Flash and Internet Explorer (IE). Further investigation showed it also exploits a 2015 flaw in IE, appearing to reuse source code from a publicly shared exploit kit code.
By: Elliot Cao, Joseph C Chen, William Gamazo Sanchez
Nov 05, 2019
Read time: ( words)
Save to Folio
Updated as of 7:00 PM Eastern Standard Time to remove one included image.
We discovered a new exploit kit named Capesand in October 2019. Capesand attempts to exploit recent vulnerabilities in Adobe Flash and Microsoft Internet Explorer (IE). Based on our investigation, it also exploits a 2015 vulnerability for IE. It seems the cybercriminals behind the exploit kit are continuously
Trendmicro
Down but Not Out: Recent Exploit Kit Activities
blogs_trendmicro·2018-07-02·CVSS 7.5
[HIGH] Down but Not Out: Recent Exploit Kit Activities
Exploits & Vulnerabilities
# Down but Not Out: Recent Exploit Kit Activities
Based on the exploit kits’ latest activities, it appears they and their users are shifting tactics by joining the bandwagon, like capitalizing on cryptocurrency’s popularity or using off-the-rack malware.
By: Martin Co, Joseph C Chen
2018/07/02
Read time: ( words)
Save to Folio
Exploit kits may be down, but they’re not out. While they're still using the same techniques that involve malvertisements or embedding links in spam and malicious or compromised websites, their latest activities are making them significant factors in the threat landscape again. This is the case with Rig and GrandSoft, as well as the private exploit kit Magnitude — exploit kits we found roping in relatively recent vulnerabilities to de
Zscaler
Top Exploit Kit Activity Roundup - Summer 2017 | Zscaler
blogs_zscaler·2017-09-12
Top Exploit Kit Activity Roundup - Summer 2017 | Zscaler
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Unit42
Understanding Angler Exploit Kit - Part 2: Examining Angler EK
blogs_unit42·2016-06-07·CVSS 9.8
[CRITICAL] Understanding Angler Exploit Kit - Part 2: Examining Angler EK
This is the second part of a two-part blog post for understanding Angler exploit kit (EK). The first part covered EKs in general. This blog focuses on the Angler EK.
Angler is currently one of the most advanced, effective, and popular exploit kits in the cyber criminal market. It generally uses the most recent exploits based on the latest vulnerabilities. Like most leading EKs, the authors behind Angler use Software as a Service (SaaS) as their business model, and Angler can be rented in the cyber underground for a few thousand dollars a month.
### History
Angler EK was discovered in 2013, and it began appearing more frequently later that year. Angler grew in popularity sometime after Russian authorities arrested malware kingpin "Paunch", the alleged creator and distributor of Blackhole
Unit42
Understanding Angler Exploit Kit - Part 2: Examining Angler EK
blogs_unit42·2016-06-07
Understanding Angler Exploit Kit - Part 2: Examining Angler EK
Threat Research Center
Threat Research
Ransomware
## Understanding Angler Exploit Kit - Part 2: Examining Angler EK
Brad Duncan
Published: June 7, 2016
Malware
Ransomware
Threat Research
Angler Exploit Kit
CryptXXX
SaaS
This is the second part of a two-part blog post for understanding Angler exploit kit (EK). The first part covered EKs in general. This blog focuses on the Angler EK.
Angler is currently one of the most advanced, effective, and popular exploit kits in the cyber criminal market. It generally uses the most recent exploits based on the latest vulnerabilities. Like most leading EKs, the authors behind Angler use Software as a Service (SaaS) as their business model, and Angler can be rented in the cyber underground for a few thousand dollars a month .
## History
Zscaler
Bad Actors On GMHOST Alexander Mulgin Serginovic | Zscaler
blogs_zscaler·2016-01-12·CVSS 9.8
[CRITICAL] Bad Actors On GMHOST Alexander Mulgin Serginovic | Zscaler
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Qualys
Update2: Patch Tuesday July 2015 | Qualys
blogs_qualys·2015-07-14·CVSS 9.8
[CRITICAL] Update2: Patch Tuesday July 2015 | Qualys
Update2: Microsoft released a critical bulletin MS15-078 for a font problem that affects all versions of Windows and allows Remote Code Execution. Microsoft credits Google’s Project Zero, Fireeye and TrendMicro. TrendMicro indicates that the vulnerability came out of the HackingTeam data breach. Google’s entry for the bug indicates that they are aware of exploit code avaliable in the wild, which explains Microsoft’s out-of-band release. Patch as quickly as possible.
Update : Oracle’s CPU July 2015 fixes the 0-day vulnerability CVE-2015-2590 in Java reported by Trend Micro. We recommend treating this patch with high priority. Note: if you think you cannot use new Java due to requirements for old versions, have you looked at Oracle’s deployment rulesets?
Original : When we started preparin
Qualys
Update2: Patch Tuesday July 2015 | Qualys
blogs_qualys·2015-07-14·CVSS 9.8
[CRITICAL] Update2: Patch Tuesday July 2015 | Qualys
Update2: Microsoft released a critical bulletin MS15-078 for a font problem that affects all versions of Windows and allows Remote Code Execution. Microsoft credits Google’s Project Zero, Fireeye and TrendMicro. TrendMicro indicates that the vulnerability came out of the HackingTeam data breach. Google’s entry for the bug indicates that they are aware of exploit code avaliable in the wild, which explains Microsoft’s out-of-band release. Patch as quickly as possible.
Update: Oracle’s CPU July 2015 fixes the 0-day vulnerability CVE-2015-2590 in Java reported by Trend Micro. We recommend treating this patch with high priority. Note: if you think you cannot use new Java due to requirements for old versions, have you looked at Oracle’s deployment rulesets?
Original: When we started preparing
Recorded Future
Turning Criminal Forum Exploit Chatter Into Vulnerability Risk Analysis
blogs_recorded_future
Turning Criminal Forum Exploit Chatter Into Vulnerability Risk Analysis
# Turning Criminal Forum Exploit Chatter Into Vulnerability Risk Analysis
Editor’s Note: Some of the analysis featured in this article utilizes real-time intelligence from our new Vulnerability Intelligence Cards™. With this summarized data you can assess, prioritize, and remediate vulnerabilities with much greater speed and confidence to reduce your risk. Find out more in the “Threat Intelligence Use Cases” section of our website.
### Key Takeaways
- Recorded Future’s programmatic identification of exploit chatter for vulnerabilities leads to improved remediation prioritization. This prioritization is based on evidence-based assessment of increased adversary intent and/or capabilities.
- Recorded Future’s foreign natural language processing (NLP) adds significant value to vulnerability
Recorded Future
Turning Criminal Forum Exploit Chatter Into Vulnerability Risk Analysis | Recorded Future
blogs_recorded_future
Turning Criminal Forum Exploit Chatter Into Vulnerability Risk Analysis | Recorded Future
## Turning Criminal Forum Exploit Chatter Into Vulnerability Risk Analysis
Editor’s Note : Some of the analysis featured in this article utilizes real-time intelligence from our new Vulnerability Intelligence Cards™. With this summarized data you can assess, prioritize, and remediate vulnerabilities with much greater speed and confidence to reduce your risk. Find out more in the “ Threat Intelligence Use Cases ” section of our website.
## Key Takeaways
Recorded Future’s programmatic identification of exploit chatter for vulnerabilities leads to improved remediation prioritization. This prioritization is based on evidence-based assessment of increased adversary intent and/or capabilities.
Recorded Future’s foreign natural language processing (NLP) adds significant value to vulnerability
Zscaler
Zscaler found Multiple Security Vulnerabilities | 07-21-2015
blogs_zscaler·CVSS 9.3
[CRITICAL] Zscaler found Multiple Security Vulnerabilities | 07-21-2015
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Recorded Future
New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016
blogs_recorded_future·CVSS 7.8
[HIGH] New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016
# Gone in a Flash: Top 10 Vulnerabilities Used by Exploit Kits
### Analysis Summary
- Adobe Flash Player provided eight of the top 10 vulnerabilities used by exploit kits in 2015.
- Vulnerabilities in Microsoft’s Internet Explorer and Silverlight are also major targets.
- Angler is currently the most popular exploit kit, regularly tied to malware including Cryptolocker.
- Identifying targeted vulnerabilities can better inform patch management functions within organizations.
- Some security professionals suggest uninstalling Adobe Flash Player. Enabling “Click to Play” is a stop-gap.
Recorded Future threat intelligence analysis of over 100 exploit kits (EKs) and known vulnerabilities identified Adobe Flash Player as the most frequently exploited product. While the role of Adobe Flash vul
Recorded Future
New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016 | Recorded Future
blogs_recorded_future·CVSS 7.8
[HIGH] New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016 | Recorded Future
## Gone in a Flash: Top 10 Vulnerabilities Used by Exploit Kits
## Analysis Summary
Adobe Flash Player provided eight of the top 10 vulnerabilities used by exploit kits in 2015.
Vulnerabilities in Microsoft’s Internet Explorer and Silverlight are also major targets.
Angler is currently the most popular exploit kit, regularly tied to malware including Cryptolocker.
Identifying targeted vulnerabilities can better inform patch management functions within organizations.
Some security professionals suggest uninstalling Adobe Flash Player. Enabling “Click to Play” is a stop-gap.
Recorded Future threat intelligence analysis of over 100 exploit kits (EKs) and known vulnerabilities identified Adobe Flash Player as the most frequently exploited product. While the role of Adobe Flash vulnerabi
Zscaler
Zscaler found IE & MS Office Vulnerabilities | 07-14-2015
blogs_zscaler
Zscaler found IE & MS Office Vulnerabilities | 07-14-2015
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securitytracker.com/id/1032894https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065http://www.securitytracker.com/id/1032894https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2419
2015-07-14
Published
2022-03-28
Added to CISA KEV
Exploited in the wild