Vulnerabilities in Microsoft IIS
Vulnerability: Multiple vulnerabilities in Microsoft Internet Information Services (IIS)
Danger: Low
Patch: Yes
Number of vulnerabilities: 2
CVE ID: CVE-2012-2531
CVE-2012-2532
Vector of operation: Remote
Impact: Disclosure of sensitive data
Affected Products: Microsoft Internet Information Services (IIS) 7.x
Affected versions: Microsoft Internet Information Services (IIS) 7.x
Description:
Which can be exploited by malicious people to disclose sensitive data on the target system.
1. The vulnerability is caused due to insufficient access restrictions to certain log files. This can be open-minded people cheating accounts.
Note: Successful exploitation № 1 functional Operational log for IIS must be enabled (disabled by default).
2. An error in the IIS FTP service when communicating with encrypted communication channels. This can be exploited by certain FTP commands to reveal important data on the target system.
Manufacturer URL: http://www.microsoft.com/
Solution: To resolve the vulnerability patch from the manufacturer.
Links:
