1. Home
  2. Vulnerabilities
  3. CVE-2015-4515

CVE-2015-4515

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.37 % (73th)
0.37% Progress
Affected Products 1
Advisories 3
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2015-11-05 05:59:03
(8 years ago)
Updated Date
2016-12-07 18:13:13
(7 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 41.0.2 and prior versions cpe:2.3:a:mozilla:firefox <= 41.0.2