CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS15-089 | Vulnerability in WebDAV Could Allow Information Disclosure (3076949) | Windows Vista | Important | 12-08-2015 |
Technical Information
Brief overview of the risk:
The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic.
Detailed Information on the risk:
An information disclosure vulnerability exists in the Microsoft Web Distributed Authoring and Versioning (WebDAV) client that is caused when it explicitly allows the use of Secure Socket Layer (SSL) 2.0. An attacker who successfully exploited this vulnerability could decrypt portions of encrypted traffic.
To exploit the vulnerability, an attacker could force an encrypted SSL 2.0 session with a WebDAV server that has SSL 2.0 enabled and use a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic. The security update addresses the vulnerability by ensuring that the Microsoft WebDAV client defaults to more secure protocols than SSL 2.0.
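As an added example (not part of the Microsoft bulletin or of this page), the Python code below shows how a defender could check the first bytes a client sends on an SSL/TLS port and flag hellos that offer SSL 2.0, the precondition for the forced SSL 2.0 session described above. The function name, result fields and sample byte strings are constructed for illustration.

```python
import struct

# Version numbers as they appear on the wire.
VERSIONS = {0x0002: "SSL 2.0", 0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def classify_client_hello(data: bytes) -> dict:
    """Classify a client hello by record format and by the version it offers."""
    result = {"format": "unknown", "offered": None, "ssl2_risk": False}
    if len(data) < 11:
        return result  # too short for either hello format
    # SSL 2.0 record: high bit of byte 0 marks a 2-byte header, followed by
    # msg_type (1 = CLIENT-HELLO), version and three 16-bit length fields.
    if data[0] & 0x80 and data[2] == 0x01:
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        version, cs_len, sid_len, ch_len = struct.unpack_from(">HHHH", data, 3)
        if rec_len != 9 + cs_len + sid_len + ch_len or cs_len % 3:
            return result  # inconsistent lengths: not a v2-format hello
        specs = data[11:11 + cs_len]
        # SSL 2.0 cipher kinds have a non-zero first byte; SSL 3.0/TLS suites
        # carried in a v2-format hello are encoded as 00 xx xx.
        v2_kinds = sum(1 for i in range(0, len(specs), 3) if specs[i] != 0)
        result.update(format="sslv2-record",
                      offered=VERSIONS.get(version, hex(version)),
                      v2_cipher_kinds=v2_kinds,
                      ssl2_risk=(version == 0x0002 or v2_kinds > 0))
        return result
    # SSL 3.0/TLS record: type 0x16 (handshake), record version, length, then
    # handshake type 0x01 (ClientHello), 3-byte length and client_version.
    if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        (version,) = struct.unpack_from(">H", data, 9)
        result.update(format="tls-record",
                      offered=VERSIONS.get(version, hex(version)))
    return result

# Constructed sample hellos (not captured traffic).
CHALLENGE = bytes(range(16))
SAMPLE_SSL2 = bytes.fromhex("801f 01 0002 0006 0000 0010 010080 0700c0") + CHALLENGE
SAMPLE_V2_COMPAT = bytes.fromhex("801f 01 0301 0006 0000 0010 00002f 000035") + CHALLENGE
SAMPLE_TLS12 = bytes.fromhex("16 0301 002d 01 000029 0303") + bytes(39)  # body zero-filled

if __name__ == "__main__":
    for name, blob in [("ssl2", SAMPLE_SSL2), ("v2-compat", SAMPLE_V2_COMPAT),
                       ("tls1.2", SAMPLE_TLS12)]:
        print(name, classify_client_hello(blob))
```

A v2-format hello that advertises TLS 1.0 and lists only `00 xx xx` suites is not an SSL 2.0 offer, which is why the cipher kinds are inspected in addition to the version field.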
Further information on this exploit is available at: MS15-089
Affected Software
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2