CVE-2013-0005

2013-01-0918:09:00

CWE-20

[email protected]

web.nvd.nist.gov

115

microsoft

.net framework

odata

protocol

remote attackers

denial of service

6.5 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.59 Medium

EPSS

Percentile

97.7%

JSON

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka “Replace Denial of Service Vulnerability.”

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq3.5
microsoft:.net_frameworkmicrosoft .net frameworkeq3.5.1
microsoft:.net_frameworkmicrosoft .net frameworkeq4.0
microsoft:management_odata_iis_extensionmicrosoft management odata iis extensioneq-

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	3.5
microsoft:.net_framework	microsoft .net framework	eq	3.5.1
microsoft:.net_framework	microsoft .net framework	eq	4.0
microsoft:management_odata_iis_extension	microsoft management odata iis extension	eq	-