Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.806614 |
Categoría: | Windows : Microsoft Bulletins |
Título: | Microsoft .NET Framework Privilege Elevation Vulnerabilities (3104507) |
Resumen: | This host is missing an important security; update according to Microsoft Bulletin MS15-118. |
Descripción: | Summary: This host is missing an important security update according to Microsoft Bulletin MS15-118. Vulnerability Insight: Multiple flaws exist due to: - An error in the .NET Framework DTD parsing of certain specially crafted XML files. - ASP.NET improperly validates values in HTTP requests. - An error in the .NET Framework component which does not properly implement the Address Space Layout Randomization (ASLR) security feature. Vulnerability Impact: Successful exploitation will allow an attacker to gain read access to local files, bypass the security feature and then load additional malicious code, inject client-side script into a users browser and ultimately modify or spoof content, conduct phishing activities, disclose information, or perform any action on the vulnerable website that the target user has permission to perform. Affected Software/OS: - Microsoft .NET Framework 2.0 Service Pack 2 - Microsoft .NET Framework 3.5 - Microsoft .NET Framework 3.5.1 - Microsoft .NET Framework 4 - Microsoft .NET Framework 4.5, 4.5.1, and 4.5.2 - Microsoft .NET Framework 4.6, 4.6 RC Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-6096 Microsoft Security Bulletin: MS15-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-118 http://www.securitytracker.com/id/1034116 Common Vulnerability Exposure (CVE) ID: CVE-2015-6099 Bugtraq: 20151111 Microsoft .NET Framework XSS / Elevation of Privilege CVE-2015-6099 (Google Search) http://www.securityfocus.com/archive/1/536875/100/0/threaded http://packetstormsecurity.com/files/134314/Microsoft-.NET-Framework-XSS-Privilege-Escalation.html Common Vulnerability Exposure (CVE) ID: CVE-2015-6115 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |