2.6
CVE-2015-1648
- EPSS 34.82%
- Published 14.04.2015 20:59:10
- Last modified 12.04.2025 10:46:40
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ .Net Framework Version1.1 Updatesp1
Microsoft ≫ .Net Framework Version2.0 Updatesp2
Microsoft ≫ .Net Framework Version3.5
Microsoft ≫ .Net Framework Version3.5.1
Microsoft ≫ .Net Framework Version4.0
Microsoft ≫ .Net Framework Version4.5
Microsoft ≫ .Net Framework Version4.5.1
Microsoft ≫ .Net Framework Version4.5.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 34.82% | 0.969 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:P/I:N/A:N
|