Lucene search

[email protected]CVE-2013-1337

HistoryMay 15, 2013 - 3:36 a.m.

CVE-2013-1337

2013-05-1503:36:00

CWE-287

[email protected]

web.nvd.nist.gov

microsoft

.net framework

wcf

authentication

bypass

cve-2013-1337

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.381 Low

EPSS

Percentile

97.2%

JSON

Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka “Authentication Bypass Vulnerability.”

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq4.5

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	4.5

References

www.us-cert.gov/ncas/alerts/TA13-134A

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16741

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.381 Low

EPSS

Percentile

97.2%

JSON

Related for CVE-2013-1337

prion1 symantec1 cvelist1 seebug1 openvas2 nessus1 mskb1 securityvulns1