CVE-2015-6096

Microsoft .NET Framework 2.0 SP2-4.6 - XML External Entity Injection in DTD Parser

Title source: llm
STIX 2.1

Description

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034116

Scores

EPSS 0.6102
EPSS Percentile 99.0%

Details

CWE
CWE-200
Status published
Products (8)
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.5
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.0
microsoft/.net_framework 4.5
microsoft/.net_framework 4.5.1
microsoft/.net_framework 4.5.2
microsoft/.net_framework 4.6
Published Nov 11, 2015
Tracked Since Feb 18, 2026