cnvd - cnvd-2015-05494

CNVD-2015-05494

Vulnerability from cnvd - Published: 2015-08-25

Title

Microsoft Windows WebDAV中间人信息泄露漏洞（CNVD-2015-05494）

Description

Microsoft Windows是一款流行的操作系统。 Microsoft Windows WebDAV存在安全漏洞，WebDAV客户端允许SSL 2.0可进行中间人攻击的攻击者迫使加密算法降级为SSL2.0，然后解密通信。

Severity

低

Patch Name

Microsoft Windows WebDAV中间人信息泄露漏洞（CNVD-2015-05494）的补丁

Patch Description

Microsoft Windows是一款流行的操作系统。Microsoft Windows WebDAV存在安全漏洞，WebDAV客户端允许SSL 2.0可进行中间人攻击的攻击者迫使加密算法降级为SSL2.0，然后解密通信。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Microsoft已经为此发布了一个安全公告（MS15-089）以及相应补丁: http://technet.microsoft.com/security/bulletin/MS15-089

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2476

Impacted products

Name
['Microsoft Windows Server 2008', 'Microsoft Windows Server 2008 R2', 'Microsoft Windows 7', 'Microsoft Windows Vista sp2', 'Microsoft Windows 8.1', 'Microsoft Windows 8', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows RT 8.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "76234"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2476"
    }
  },
  "description": "Microsoft Windows\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Windows WebDAV\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cWebDAV\u5ba2\u6237\u7aef\u5141\u8bb8SSL 2.0\u53ef\u8fdb\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\u7684\u653b\u51fb\u8005\u8feb\u4f7f\u52a0\u5bc6\u7b97\u6cd5\u964d\u7ea7\u4e3aSSL2.0\uff0c\u7136\u540e\u89e3\u5bc6\u901a\u4fe1\u3002",
  "discovererName": "Microsoft",
  "formalWay": "Microsoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS15-089\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nhttp://technet.microsoft.com/security/bulletin/MS15-089",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05494",
  "openTime": "2015-08-25",
  "patchDescription": "Microsoft Windows\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Microsoft Windows WebDAV\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cWebDAV\u5ba2\u6237\u7aef\u5141\u8bb8SSL 2.0\u53ef\u8fdb\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\u7684\u653b\u51fb\u8005\u8feb\u4f7f\u52a0\u5bc6\u7b97\u6cd5\u964d\u7ea7\u4e3aSSL2.0\uff0c\u7136\u540e\u89e3\u5bc6\u901a\u4fe1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows WebDAV\u4e2d\u95f4\u4eba\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2015-05494\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008",
      "Microsoft Windows Server 2008 R2",
      "Microsoft Windows 7",
      "Microsoft Windows Vista sp2",
      "Microsoft Windows 8.1",
      "Microsoft Windows 8",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows RT 8.1"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2476",
  "serverity": "\u4f4e",
  "submitTime": "2015-08-18",
  "title": "Microsoft Windows WebDAV\u4e2d\u95f4\u4eba\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2015-05494\uff09"
}

CVE-2015-2476 (GCVE-0-2015-2476)

Vulnerability from cvelistv5 – Published: 2015-08-15 00:00 – Updated: 2024-08-06 05:17

Summary

The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "WebDAV Client Information Disclosure Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securitytracker.com/id/1033249	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:17:27.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS15-089",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-089"
          },
          {
            "name": "1033249",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033249"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka \"WebDAV Client Information Disclosure Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS15-089",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-089"
        },
        {
          "name": "1033249",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033249"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-2476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka \"WebDAV Client Information Disclosure Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS15-089",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-089"
            },
            {
              "name": "1033249",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033249"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2015-2476",
    "datePublished": "2015-08-15T00:00:00",
    "dateReserved": "2015-03-19T00:00:00",
    "dateUpdated": "2024-08-06T05:17:27.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-05494

CVE-2015-2476 (GCVE-0-2015-2476)

Tags

Sightings

Nomenclature