PT-2015-5412 · Microsoft · .Net Framework+1

Published

2015-04-14

Updated

2018-10-12

CVE-2015-1648

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ASP.NET in Microsoft .NET Framework versions 1.1 SP1 through 4.5.2

Description An information disclosure issue exists due to improper handling of certain requests when custom error messages are disabled. This could allow an attacker to view parts of a web configuration file, potentially exposing sensitive information.

Recommendations For ASP.NET in Microsoft .NET Framework versions 1.1 SP1 through 4.5.2, enable custom error messages to prevent information disclosure. Consider restricting access to sensitive configuration files as an additional mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

CVE-2015-1648

Affected Products

.Net Framework

Asp.Net

PT-2015-5412 · Microsoft · .Net Framework+1

CVE-2015-1648

Weakness Enumeration

Related Identifiers

Affected Products

References · 6