CVE-2012-2531

LOW

Description

Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."

References

http://www.securityfocus.com/bid/56439

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959

Details

Source: MITRE

Published: 2012-11-14

Updated: 2019-07-03

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW