CVE-2015-2556 — MEDIUM (4.3)

Vulnerability Description

The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "Microsoft SharePoint Information Disclosure Vulnerability."

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Microsoft	Sharepoint Server	2007

Related Weaknesses (CWE)

CWE-200

References

http://www.securitytracker.com/id/1033804Third Party AdvisoryVDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-11
http://www.securitytracker.com/id/1033804Third Party AdvisoryVDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-11

FAQ

What is CVE-2015-2556?

CVE-2015-2556 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an exter...

How severe is CVE-2015-2556?

CVE-2015-2556 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-2556?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sharepoint Server.