SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Windows WebDAV SSL Downgrade Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System
SecurityTracker Alert ID:  1033249
SecurityTracker URL:  http://securitytracker.com/id/1033249
CVE Reference:   CVE-2015-2476   (Links to External Site)
Date:  Aug 11 2015
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows WebDAV. A remote user can obtain potentially sensitive information on the target system.

The WebDAV client permits the use of Secure Sockets Layer (SSL) 2.0. A remote user that can conduct a man-in-the-middle attack can force a downgrade to SSL 2.0 and then decrypt portions of network traffic.

Impact:   A remote user can decrypt portions of network traffic to obtain potentially sensitive information on the target system.
Solution:   The vendor has issued a fix.

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=72970964-7ae3-4dd4-945e-7bb98256cdb8

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=e91ce01e-c3c5-419a-b733-1b0c4d97044b

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=893d269e-10c2-4323-b525-30824bf1fde0

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=0681ea13-c632-4159-979c-618fdd8bac18

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=6c3771d6-a4f2-4782-ae4d-6dec8236f100

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=8642efc9-6c47-48f5-b091-f9b3d4516224

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=4e2a2271-4a59-4a7a-b6a5-a93508294898

Windows 8 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=fcbde248-9eb1-4762-ba48-1288c3b4e120

Windows 8 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=7f2bee20-7ee5-4b22-8e33-88e198d3dd6e

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=b1db4693-9353-46a1-a8e9-5ddc50d90037

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=e37e4ecc-b8a1-4af9-9c5b-af7e15f9d560

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=65d3224c-b2d4-4882-87ef-c7a8a7b98c04

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=1b74ff7b-2fb5-45a8-81a3-ecab643ec716

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-089

Vendor URL:  technet.microsoft.com/library/security/ms15-089 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC