CVE-2012-2532

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Information Leak / Disclosure

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2012-2531

Published on 14/11/12 - Updated on 13/10/18

Description

Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."

Category: Information Leak / Disclosure

CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Security Notices

US National Vulnerability DatabaseCVE-2012-2532
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2012-AVI-647
Microsoft MS12-073
Renater 2012/VULN464

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
microsoftftp_service
microsoftinternet_information_server

Share this vulnerability with:

Twitter Facebook LinkedIn Mail