cvelistv5 - CVE-2012-2531

CVE-2012-2531 (GCVE-0-2012-2531)

Vulnerability from cvelistv5

Published

2012-11-14 00:00

Modified

2024-08-06 19:34

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-3373-cg5f-g7v8

Vulnerability from github

Published

2022-05-13 01:11

Modified

2022-05-13 01:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-11-14T00:55:00Z",
    "severity": "LOW"
  },
  "details": "Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka \"Password Disclosure Vulnerability.\"",
  "id": "GHSA-3373-cg5f-g7v8",
  "modified": "2022-05-13T01:11:45Z",
  "published": "2022-05-13T01:11:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2531"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/56439"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability.". Microsoft IIS is prone to an information-disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information that may lead to further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

National Cyber Awareness System

US-CERT Alert TA12-318A Microsoft Updates for Multiple Vulnerabilities

Original release date: November 13, 2012 Last revised: --

Systems Affected

 * Microsoft Windows
 * Microsoft Office
 * Microsoft .NET Framework
 * Internet Explorer

Overview

Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for November 2012 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

Apply Updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

References

Microsoft Security Bulletin Summary for November 2012 http://technet.microsoft.com/en-us/security/bulletin/ms12-nov
Microsoft Windows Server Update Services http://technet.microsoft.com/en-us/wsus/default.aspx
Microsoft Update http://www.update.microsoft.com/
Microsoft Update Overview http://www.microsoft.com/security/updates/mu.aspx
Turn Automatic Updating On or Off http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off

Revision History

November 13, 2012: Initial release

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA12-318A Feedback VU#970852" in the subject.

Produced by US-CERT, a government organization.

This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html

Privacy & Use policy: http://www.us-cert.gov/privacy/

This document can also be found at http://www.us-cert.gov/cas/techalerts/TA12-318A.html

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUKKbnXdnhE8Qi3ZhAQLN4gf+KyOiTaktnc1wbWdbBogH12NJbOR5Y7PR DRpdn+3Iqyua02oxy2bXy3C/uV1xz2FlRylXS7PRNdka8RboUUOP3jY4DADR2UW/ GCtxskzWydk+w8OT8OvGiwD5TPaUXb/OawDEN5HW2R/Q+vZAcnGvOeuWbvCjM1hB tPUsQLM8QEXQ0oIPelTVBGlBKAXaYdkekTJcpx5sJC1qUn+976hFsajHugBOk06U lEhvTK7eiMpQOeQ0RYeMd8V4cP6h+WYTjxzruckfP4HwMeJARuq6UnTDzZ8mKYws sqs4xqaTr+8eOnoM7G1/7MMDhS2epvbbt7J/MXFp6tc0nVaLnskIQA== =/QVO -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201211-0023",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "microsoft",
        "version": "7.5"
      },
      {
        "model": "windows 7",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x32) sp1 before"
      },
      {
        "model": "windows 7",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp1 before"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "r2(itanium) sp1 before"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "r2(x64) sp1 before"
      },
      {
        "model": "windows vista service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20"
      },
      {
        "model": "windows server r2 itanium sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server r2 itanium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20080"
      },
      {
        "model": "windows server r2 for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server r2 for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20080"
      },
      {
        "model": "windows server for x64-based systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server for 32-bit systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "70"
      },
      {
        "model": "windows for 32-bit systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "70"
      },
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "microsoft",
        "version": "7.5"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2012-2531"
      },
      {
        "db": "BID",
        "id": "56439"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-229"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:iis",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_7",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_server_2008",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005346"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Justin Royce of ProDX",
    "sources": [
      {
        "db": "BID",
        "id": "56439"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-2531",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2012-2531",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-2531",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-2531",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201211-229",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2012-2531",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2012-2531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-229"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2531"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka \"Password Disclosure Vulnerability.\". Microsoft IIS is prone to an information-disclosure vulnerability. \nAn attacker can exploit this vulnerability to obtain sensitive information that may lead to further attacks. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNational Cyber Awareness System\n\nUS-CERT Alert TA12-318A\nMicrosoft Updates for Multiple Vulnerabilities\n\nOriginal release date: November 13, 2012\nLast revised: --\n\nSystems Affected\n\n     * Microsoft Windows\n     * Microsoft Office\n     * Microsoft .NET Framework\n     * Internet Explorer\n\n\nOverview\n\n   Select Microsoft software products contain multiple\n   vulnerabilities. Microsoft has released updates to address these\n   vulnerabilities. \n\n\nDescription\n\n   The Microsoft Security Bulletin Summary for November 2012 describes\n   multiple vulnerabilities in Microsoft software. Microsoft has\n   released updates to address the vulnerabilities. \n\n\nImpact\n\n   A remote, unauthenticated attacker could execute arbitrary code,\n   cause a denial of service, or gain unauthorized access to your\n   files or system. \n\n\nSolution\n\n   Apply Updates\n\n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for November 2012, which\n   describes any known issues related to the updates. Administrators\n   are encouraged to note these issues and test for any potentially\n   adverse effects. In addition, administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). Home users are encouraged to enable\n   automatic updates. \n\n\nReferences\n\n * Microsoft Security Bulletin Summary for November 2012\n   \u003chttp://technet.microsoft.com/en-us/security/bulletin/ms12-nov\u003e\n\n * Microsoft Windows Server Update Services\n   \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n * Microsoft Update\n   \u003chttp://www.update.microsoft.com/\u003e\n\n * Microsoft Update Overview\n   \u003chttp://www.microsoft.com/security/updates/mu.aspx\u003e\n\n * Turn Automatic Updating On or Off\n   \u003chttp://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off\u003e\n\n\nRevision History\n\n  November 13, 2012: Initial release\n\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA12-318A Feedback VU#970852\" in\n   the subject. \n ____________________________________________________________________\n\n   Produced by US-CERT, a government organization. \n ____________________________________________________________________\n\nThis product is provided subject to this Notification: \nhttp://www.us-cert.gov/privacy/notification.html\n\nPrivacy \u0026 Use policy: \nhttp://www.us-cert.gov/privacy/\n\nThis document can also be found at\nhttp://www.us-cert.gov/cas/techalerts/TA12-318A.html\n\nFor instructions on subscribing to or unsubscribing from this \nmailing list, visit http://www.us-cert.gov/cas/signup.html\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBUKKbnXdnhE8Qi3ZhAQLN4gf+KyOiTaktnc1wbWdbBogH12NJbOR5Y7PR\nDRpdn+3Iqyua02oxy2bXy3C/uV1xz2FlRylXS7PRNdka8RboUUOP3jY4DADR2UW/\nGCtxskzWydk+w8OT8OvGiwD5TPaUXb/OawDEN5HW2R/Q+vZAcnGvOeuWbvCjM1hB\ntPUsQLM8QEXQ0oIPelTVBGlBKAXaYdkekTJcpx5sJC1qUn+976hFsajHugBOk06U\nlEhvTK7eiMpQOeQ0RYeMd8V4cP6h+WYTjxzruckfP4HwMeJARuq6UnTDzZ8mKYws\nsqs4xqaTr+8eOnoM7G1/7MMDhS2epvbbt7J/MXFp6tc0nVaLnskIQA==\n=/QVO\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005346"
      },
      {
        "db": "BID",
        "id": "56439"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-2531"
      },
      {
        "db": "PACKETSTORM",
        "id": "118116"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-2531",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "56439",
        "trust": 2.0
      },
      {
        "db": "USCERT",
        "id": "TA12-318A",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005346",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-229",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-2531",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "118116",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2012-2531"
      },
      {
        "db": "BID",
        "id": "56439"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005346"
      },
      {
        "db": "PACKETSTORM",
        "id": "118116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-229"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2531"
      }
    ]
  },
  "id": "VAR-201211-0023",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2024-11-23T21:45:53.432000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS12-073",
        "trust": 0.8,
        "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-073"
      },
      {
        "title": "MS12-073",
        "trust": 0.8,
        "url": "http://technet.microsoft.com/ja-jp/security/bulletin/ms12-073"
      },
      {
        "title": "TA12-318A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta12-318a.html"
      },
      {
        "title": "shodan-playing",
        "trust": 0.1,
        "url": "https://github.com/dominicporter/shodan-playing "
      },
      {
        "title": "copycat",
        "trust": 0.1,
        "url": "https://github.com/entynetproject/copycat "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2012-2531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005346"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005346"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2531"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/56439"
      },
      {
        "trust": 1.7,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15959"
      },
      {
        "trust": 0.9,
        "url": "http://www.us-cert.gov/cas/techalerts/ta12-318a.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2531"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2012/at120035.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta12-318a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2531"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/#topics"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/windowsserver2003/iis/default.mspx"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/56439"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dominicporter/shodan-playing"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/privacy/notification.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/privacy/"
      },
      {
        "trust": 0.1,
        "url": "http://windows.microsoft.com/en-us/windows-vista/turn-automatic-updating-on-or-off\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.update.microsoft.com/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/security/updates/mu.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-nov\u003e"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2012-2531"
      },
      {
        "db": "BID",
        "id": "56439"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005346"
      },
      {
        "db": "PACKETSTORM",
        "id": "118116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-229"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2531"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2012-2531"
      },
      {
        "db": "BID",
        "id": "56439"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005346"
      },
      {
        "db": "PACKETSTORM",
        "id": "118116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-229"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2531"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-11-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-2531"
      },
      {
        "date": "2012-11-13T00:00:00",
        "db": "BID",
        "id": "56439"
      },
      {
        "date": "2012-11-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-005346"
      },
      {
        "date": "2012-11-15T02:44:59",
        "db": "PACKETSTORM",
        "id": "118116"
      },
      {
        "date": "2012-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201211-229"
      },
      {
        "date": "2012-11-14T00:55:01.547000",
        "db": "NVD",
        "id": "CVE-2012-2531"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-2531"
      },
      {
        "date": "2012-11-20T12:10:00",
        "db": "BID",
        "id": "56439"
      },
      {
        "date": "2012-11-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-005346"
      },
      {
        "date": "2019-07-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201211-229"
      },
      {
        "date": "2024-11-21T01:39:11.930000",
        "db": "NVD",
        "id": "CVE-2012-2531"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "56439"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-229"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Internet Information Services Vulnerabilities in which authentication information is discovered",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005346"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-229"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2012-2531

Vulnerability from fkie_nvd

Published

2012-11-14 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/56439	Third Party Advisory, VDB Entry
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/56439	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959

Impacted products

Vendor	Product	Version
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*",
              "matchCriteriaId": "B2B19826-5516-4899-9599-F95D0A03FBCD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*",
              "matchCriteriaId": "4945F25F-2828-4D03-930B-A109BA73E00C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka \"Password Disclosure Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Internet Information Server (IIS)  Services v7.5 utiliza permisos d\u00e9biles para el registro de operaciones, lo que permite descubrir las credenciales a los usuarios locales mediante la lectura de este archivo. Se trata de un problema tambi\u00e9n conocido como \"Vulnerabilidad de divulgaci\u00f3n de contrase\u00f1a\".\r\n"
    }
  ],
  "id": "CVE-2012-2531",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-14T00:55:01.547",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56439"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2012-2531

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2012-2531

Aliases

CVE-2012-2531

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2531",
    "description": "Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka \"Password Disclosure Vulnerability.\"",
    "id": "GSD-2012-2531"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2531"
      ],
      "details": "Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka \"Password Disclosure Vulnerability.\"",
      "id": "GSD-2012-2531",
      "modified": "2023-12-13T01:20:16.720279Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2012-2531",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka \"Password Disclosure Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "56439",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/56439"
          },
          {
            "name": "oval:org.mitre.oval:def:15959",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959"
          },
          {
            "name": "MS12-073",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2012-2531"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka \"Password Disclosure Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "56439",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/56439"
            },
            {
              "name": "oval:org.mitre.oval:def:15959",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959"
            },
            {
              "name": "MS12-073",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-02-05T15:37Z",
      "publishedDate": "2012-11-14T00:55Z"
    }
  }
}

CERTA-2012-AVI-647

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Microsoft Internet Information Services (IIS). Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données au moyen de commandes FTP spécialement conçues.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 32-bit Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Vista x64 Edition Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 R2 Itanium-Based Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 x64 Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 R2 Itanium-Based
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Server 2008 32-bit
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Vista x64 Edition Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Server 2008 x64 Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows 7 x64 Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Server 2008 x64
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 R2 x64
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Server 2008 32-bit Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Vista x64 Edition Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 R2 x64 Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Vista x64 Edition Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Vista Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows 7 x64
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 x64
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Vista Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows 7 32-bit Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows 7 32-bit
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 32-bit
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Vista Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 R2
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Vista Service Pack 2

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2012-2531 (GCVE-0-2012-2531)

Vulnerability from cvelistv5

ghsa-3373-cg5f-g7v8

Vulnerability from github

var-201211-0023

Vulnerability from variot

fkie_cve-2012-2531

Vulnerability from fkie_nvd

gsd-2012-2531

Vulnerability from gsd

CERTA-2012-AVI-647

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature