CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-0149

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.158

EPSS Ranking 94.3%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

Products affected by CVE-2016-0149

Microsoft » .net Framework » Version: 2.0

cpe:2.3:a:microsoft:.net_framework:2.0
Microsoft » .net Framework » Version: 3.0

cpe:2.3:a:microsoft:.net_framework:3.0
Microsoft » .net Framework » Version: 3.5

cpe:2.3:a:microsoft:.net_framework:3.5
Microsoft » .net Framework » Version: 3.5.1

cpe:2.3:a:microsoft:.net_framework:3.5.1
Microsoft » .net Framework » Version: 4.5.2

cpe:2.3:a:microsoft:.net_framework:4.5.2
Microsoft » .net Framework » Version: 4.6

cpe:2.3:a:microsoft:.net_framework:4.6
Microsoft » .net Framework » Version: 4.6.1

cpe:2.3:a:microsoft:.net_framework:4.6.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-0149

Products

Pricing

Contact Us