CVE-2016-0149
MEDIUMMicrosoft .net Framework - Information Disclosure
Title source: ruleDescription
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."
Scores
CVSS v3
5.9
EPSS
0.1575
EPSS Percentile
94.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-200
Status
draft
Affected Products (7)
microsoft/.net_framework
microsoft/.net_framework
microsoft/.net_framework
microsoft/.net_framework
microsoft/.net_framework
microsoft/.net_framework
microsoft/.net_framework
Timeline
Published
May 11, 2016
Tracked Since
Feb 18, 2026