CVE-2013-0005

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:sp2:professional:x64:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:-:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:-:x64:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:-:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:-:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:sp2:professional:x64:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:microsoft:management_odata_iis_extension:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:46

Type Values Removed Values Added
References () http://www.us-cert.gov/cas/techalerts/TA13-008A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA13-008A.html - US Government Resource
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-007 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-007 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16282 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16282 -

07 Dec 2023, 18:38

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*

Information

Published : 2013-01-09 18:09

Updated : 2024-11-21 01:46


NVD link : CVE-2013-0005

Mitre link : CVE-2013-0005

CVE.ORG link : CVE-2013-0005


JSON object : View

Products Affected

microsoft

  • windows_vista
  • windows_7
  • .net_framework
  • windows_xp
  • management_odata_iis_extension
  • windows_server_2012
  • windows_server_2003
  • windows_server_2008
  • windows_8
CWE
CWE-20

Improper Input Validation