CVE-2013-0005
high
CVSS v3
—
CVSS v2
7.8
VIR risk
7.8
Description
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE; see the references list below.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| windows | - | not-affected | |
| windows | | not-affected | |
| windows | sp2 | not-affected | |
| windows | r2 | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 3.5.1 | |
| microsoft | .net_framework | 4.0 | |
| microsoft | management_odata_iis_extension | - | |
References
- http://www.us-cert.gov/cas/techalerts/TA13-008A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-007
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16282
CWEs
CWE-20