cvelistv5 - cve-2015-2475

CVE-2015-2475 (GCVE-0-2015-2475)

Vulnerability from cvelistv5 – Published: 2015-08-15 00:00 – Updated: 2024-08-06 05:17

Summary

Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka "UDDI Services Elevation of Privilege Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id/1033246	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/76259	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:17:27.050Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033246",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033246"
          },
          {
            "name": "MS15-087",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087"
          },
          {
            "name": "76259",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76259"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka \"UDDI Services Elevation of Privilege Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1033246",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033246"
        },
        {
          "name": "MS15-087",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087"
        },
        {
          "name": "76259",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76259"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-2475",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka \"UDDI Services Elevation of Privilege Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033246",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033246"
            },
            {
              "name": "MS15-087",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087"
            },
            {
              "name": "76259",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76259"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2015-2475",
    "datePublished": "2015-08-15T00:00:00",
    "dateReserved": "2015-03-19T00:00:00",
    "dateUpdated": "2024-08-06T05:17:27.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:biztalk_server:2010:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F51C53DA-47A0-4B99-8BA7-7433CEA3C4F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:biztalk_server:2013:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A72A4677-B316-4D7A-B0E9-B2F0E474015B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:biztalk_server:2013:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1BF8F93-F5AF-4D28-8354-B026397EBBD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C28897B-044A-447B-AD76-6397F8190177\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka \\\"UDDI Services Elevation of Privilege Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de XSS en uddi/search/frames.aspx en el componente de UDDI Services de Microsoft Windows Server 2008 SP2 y BizTalk Server 2010, 2013 Gold y 2013 R2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\\u00e9s de par\\u00e1metros de b\\u00fasqueda, tambi\\u00e9n conocida como \u0027UDDI Services Elevation of Privilege Vulnerability\u0027.\"}]",
      "id": "CVE-2015-2475",
      "lastModified": "2024-11-21T02:27:27.667",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-08-15T00:59:34.937",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/76259\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id/1033246\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/76259\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1033246\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-2475\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2015-08-15T00:59:34.937\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka \\\"UDDI Services Elevation of Privilege Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en uddi/search/frames.aspx en el componente de UDDI Services de Microsoft Windows Server 2008 SP2 y BizTalk Server 2010, 2013 Gold y 2013 R2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros de b\u00fasqueda, tambi\u00e9n conocida como \u0027UDDI Services Elevation of Privilege Vulnerability\u0027.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:biztalk_server:2010:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F51C53DA-47A0-4B99-8BA7-7433CEA3C4F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:biztalk_server:2013:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A72A4677-B316-4D7A-B0E9-B2F0E474015B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:biztalk_server:2013:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BF8F93-F5AF-4D28-8354-B026397EBBD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C28897B-044A-447B-AD76-6397F8190177\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/76259\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1033246\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/76259\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1033246\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-WGPG-Q254-X2CC

Vulnerability from github – Published: 2022-05-14 02:27 – Updated: 2022-05-14 02:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-2475"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-08-15T00:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka \"UDDI Services Elevation of Privilege Vulnerability.\"",
  "id": "GHSA-wgpg-q254-x2cc",
  "modified": "2022-05-14T02:27:54Z",
  "published": "2022-05-14T02:27:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2475"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/76259"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033246"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2015-AVI-341

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans les services UDDI de Microsoft Windows. Elle permet à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Windows Server 2008

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS15-087 du 11 août 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eWindows Server 2008\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2475"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-341",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-08-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les services UDDI de \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les services UDDI de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS15-087 du 11 ao\u00fbt 2015",
      "url": "https://technet.microsoft.com/library/security/ms15-087"
    }
  ]
}

CERTFR-2015-AVI-341

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Windows Server 2008

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS15-087 du 11 août 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eWindows Server 2008\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2475"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-341",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-08-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les services UDDI de \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les services UDDI de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS15-087 du 11 ao\u00fbt 2015",
      "url": "https://technet.microsoft.com/library/security/ms15-087"
    }
  ]
}

GSD-2015-2475

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-2475

Aliases

CVE-2015-2475

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2475",
    "description": "Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka \"UDDI Services Elevation of Privilege Vulnerability.\"",
    "id": "GSD-2015-2475"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2475"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka \"UDDI Services Elevation of Privilege Vulnerability.\"",
      "id": "GSD-2015-2475",
      "modified": "2023-12-13T01:20:00.790682Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2015-2475",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka \"UDDI Services Elevation of Privilege Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1033246",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033246"
          },
          {
            "name": "MS15-087",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087"
          },
          {
            "name": "76259",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/76259"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:biztalk_server:2013:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:biztalk_server:2013:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:biztalk_server:2010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-2475"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka \"UDDI Services Elevation of Privilege Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "76259",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/76259"
            },
            {
              "name": "1033246",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033246"
            },
            {
              "name": "MS15-087",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T22:09Z",
      "publishedDate": "2015-08-15T00:59Z"
    }
  }
}

FKIE_CVE-2015-2475

Vulnerability from fkie_nvd - Published: 2015-08-15 00:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	secure@microsoft.com	http://www.securityfocus.com/bid/76259
	secure@microsoft.com	http://www.securitytracker.com/id/1033246
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76259
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033246
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087

Impacted products

Vendor	Product	Version
microsoft	biztalk_server	2010
microsoft	biztalk_server	2013
microsoft	biztalk_server	2013
microsoft	windows_server_2008	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:biztalk_server:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "F51C53DA-47A0-4B99-8BA7-7433CEA3C4F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:biztalk_server:2013:*:*:*:*:*:*:*",
              "matchCriteriaId": "A72A4677-B316-4D7A-B0E9-B2F0E474015B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:biztalk_server:2013:r2:*:*:*:*:*:*",
              "matchCriteriaId": "F1BF8F93-F5AF-4D28-8354-B026397EBBD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka \"UDDI Services Elevation of Privilege Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en uddi/search/frames.aspx en el componente de UDDI Services de Microsoft Windows Server 2008 SP2 y BizTalk Server 2010, 2013 Gold y 2013 R2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros de b\u00fasqueda, tambi\u00e9n conocida como \u0027UDDI Services Elevation of Privilege Vulnerability\u0027."
    }
  ],
  "id": "CVE-2015-2475",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-08-15T00:59:34.937",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/76259"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1033246"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-087"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-05496

Vulnerability from cnvd - Published: 2015-08-24

Title

Microsoft Windows UDDI服务跨站脚本漏洞

Description

Microsoft Windows是一款流行的操作系统。 Microsoft Windows 2008 SP2 Universal Description, Discovery, and Integration (UDDI)服务存在输入验证漏洞，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。

Severity

中

Patch Name

Microsoft Windows UDDI服务跨站脚本漏洞的补丁

Patch Description

Microsoft Windows是一款流行的操作系统。Microsoft Windows 2008 SP2 Universal Description, Discovery, and Integration (UDDI)服务存在输入验证漏洞，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Microsoft已经为此发布了一个安全公告（MS15-087）以及相应补丁: http://technet.microsoft.com/security/bulletin/MS15-087

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2475

Impacted products

Name
['Microsoft Windows Server 2008 SP2', 'Microsoft BizTalk Server 2010', 'Microsoft BizTalk Server 2013 Gold', 'Microsoft BizTalk Server 2013']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "76259"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2475"
    }
  },
  "description": "Microsoft Windows\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Windows 2008 SP2 Universal Description, Discovery, and Integration (UDDI)\u670d\u52a1\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002",
  "discovererName": "Fran\u00c3\u00a7ois-Xavier Stellamans from NCI Agency - Cyber Security / NCIRC",
  "formalWay": "Microsoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS15-087\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nhttp://technet.microsoft.com/security/bulletin/MS15-087",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05496",
  "openTime": "2015-08-24",
  "patchDescription": "Microsoft Windows\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Microsoft Windows 2008 SP2 Universal Description, Discovery, and Integration (UDDI)\u670d\u52a1\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows UDDI\u670d\u52a1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008 SP2",
      "Microsoft  BizTalk Server 2010",
      "Microsoft  BizTalk Server 2013 Gold",
      "Microsoft  BizTalk Server 2013"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2475",
  "serverity": "\u4e2d",
  "submitTime": "2015-08-18",
  "title": "Microsoft Windows UDDI\u670d\u52a1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-2475 (GCVE-0-2015-2475)

GHSA-WGPG-Q254-X2CC

CERTFR-2015-AVI-341

Solution

CERTFR-2015-AVI-341

Solution

GSD-2015-2475

FKIE_CVE-2015-2475

CNVD-2015-05496

Tags

Sightings

Nomenclature