CVE-2015-2476
First published: Sat Aug 15 2015(Updated: )
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "WebDAV Client Information Disclosure Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.0 | ||
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
| Microsoft Windows Server 2012 x64 | ||
| Microsoft Windows Server 2012 x64 | =r2 | |
| Microsoft Windows Vista | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-2476?
CVE-2015-2476 is considered a critical vulnerability due to its exploitability through SSL 2.0 in multiple Microsoft Windows versions.
How do I fix CVE-2015-2476?
To fix CVE-2015-2476, users should disable SSL 2.0 and apply the appropriate security updates provided by Microsoft.
Which Microsoft Windows versions are affected by CVE-2015-2476?
CVE-2015-2476 affects Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8, Windows 8.1, and various Windows Server 2012 versions.
What type of attacks can exploit CVE-2015-2476?
CVE-2015-2476 can be exploited by remote attackers through sniffer attacks that bypass cryptographic protections.
Is there any workaround for CVE-2015-2476 besides applying patches?
In addition to applying patches, disabling SSL 2.0 is a key workaround to mitigate the risks associated with CVE-2015-2476.
- agent/references
- agent/type
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.0
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/sp2
- version/microsoft windows server 2008 itanium/r2-sp1
- canonical/microsoft windows server 2012 x64
- version/microsoft windows server 2012 x64/r2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2