CVE-2015-6096

EUVD-2015-6039
The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
microsoft.net_framework
2.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5.1
microsoft.net_framework
4.0
microsoft.net_framework
4.5
microsoft.net_framework
4.5.1
microsoft.net_framework
4.5.2
microsoft.net_framework
4.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1034116
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-118
http://www.securitytracker.com/id/1034116
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-118