FKIE_CVE-2012-2531

Vulnerability from fkie_nvd - Published: 2012-11-14 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
References
secure@microsoft.comhttp://www.securityfocus.com/bid/56439Third Party Advisory, VDB Entry
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56439Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959
Impacted products
Vendor Product Version
microsoft windows_7 -
microsoft windows_7 -
microsoft windows_7 -
microsoft windows_server_2008 *
microsoft windows_server_2008 *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*",
              "matchCriteriaId": "B2B19826-5516-4899-9599-F95D0A03FBCD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*",
              "matchCriteriaId": "4945F25F-2828-4D03-930B-A109BA73E00C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka \"Password Disclosure Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Internet Information Server (IIS)  Services v7.5 utiliza permisos d\u00e9biles para el registro de operaciones, lo que permite descubrir las credenciales a los usuarios locales mediante la lectura de este archivo. Se trata de un problema tambi\u00e9n conocido como \"Vulnerabilidad de divulgaci\u00f3n de contrase\u00f1a\".\r\n"
    }
  ],
  "id": "CVE-2012-2531",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-14T00:55:01.547",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56439"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.