CVE-2015-2434

Microsoft XML Core Services 3.0 and 5.0 - Information Disclosure via SSL 2.0 Support

Title source: llm
STIX 2.1

Description

Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033241

Scores

EPSS 0.1554
EPSS Percentile 96.4%

Details

CWE
CWE-200 CWE-310
Status published
Products (2)
microsoft/xml_core_services 3.0
microsoft/xml_core_services 5.0
Published Aug 15, 2015
Tracked Since Feb 18, 2026