CVE-2012-2531

Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/56439	Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:microsoft:windows_7:-:::::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*
	cpe:2.3:o:microsoft:windows_server_2008::r2:itanium:::::
	cpe:2.3:o:microsoft:windows_server_2008::r2:x64:::::

History

No history.

Information

Published : 2012-11-14 00:55

Updated : 2024-02-28 12:00

NVD link : CVE-2012-2531

Mitre link : CVE-2012-2531

CVE.ORG link : CVE-2012-2531

JSON object : View

Products Affected

microsoft

windows_7
windows_server_2008

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2012-2531", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-14T00:55:01.547", "references": [{"url": "http://www.securityfocus.com/bid/56439", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka \"Password Disclosure Vulnerability.\""}, {"lang": "es", "value": "Microsoft Internet Information Server (IIS) Services v7.5 utiliza permisos d\u00e9biles para el registro de operaciones, lo que permite descubrir las credenciales a los usuarios locales mediante la lectura de este archivo. Se trata de un problema tambi\u00e9n conocido como \"Vulnerabilidad de divulgaci\u00f3n de contrase\u00f1a\".\r\n"}], "lastModified": "2021-02-05T15:37:20.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51"}, {"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4"}, {"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2B19826-5516-4899-9599-F95D0A03FBCD"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4945F25F-2828-4D03-930B-A109BA73E00C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@microsoft.com"}