PT-2015-5766 · Microsoft · Xml Core Services
Published
2015-08-15
·
Updated
2018-10-12
·
CVE-2015-2471
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft XML Core Services versions 3.0, 5.0, and 6.0
Description
The issue allows remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack due to the support of SSL 2.0.
Recommendations
For Microsoft XML Core Services versions 3.0, 5.0, and 6.0, consider disabling SSL 2.0 support to mitigate the risk of decryption attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xml Core Services