Microsoft Internet Information Services (IIS) Two Information Disclosure Vulnerabilities

Last Update Date: 14 Nov 2012 17:21 Release Date: 14 Nov 2012 4623 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Password Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft Internet Information Services (IIS) fails to properly protect log files.
FTP Command Injection Vulnerabiliy
An information disclosure vulnerability exists in the way that Microsoft Internet Information Services (IIS) FTP Service negotiates encrypted communications channels.

Impact

Information Disclosure

System / Technologies affected

Microsoft Internet Information Services (IIS) 7.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download location for patches:
http://technet.microsoft.com/en-us/security/bulletin/MS12-073

Vulnerability Identifier

Source

Microsoft

Related Link

http://technet.microsoft.com/en-us/security/bulletin/MS12-073

Share with

Microsoft .NET Framework Multiple Vulnerabilities

14 Nov 2012 4552 Views

Microsoft Windows Shell Remote Code Execution Multiple Vulnerabilities

14 Nov 2012 4604 Views