Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Internet Information Services security vulnerabilities
Published:18.11.2012
Source:
SecurityVulns ID:12717
Type:m-i-t-m
Threat Level:
5/10
Description:log files information leakage, FTP STARTTLS session command injection.
Affected:MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-2532 (Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability.")
 CVE-2012-2531 (Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability.")
Files:Microsoft Security Bulletin MS12-073 - Moderate Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod