QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2015-2556

Back to search

CVE-2015-2556

Published: Oct 14, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "Microsoft SharePoint Information Disclosure Vulnerability."

VendorProductVersions

n/a

n/a

affected
n/a

References

MS15-110
vendor-advisory
x_refsource_MS
1033804
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now