CVE-2013-0005Improper Input Validation in Microsoft NET Framework

CWE-20Improper Input Validation4 documents4 sources
Severity
7.8HIGHNVD
EPSS
65.3%
top 1.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedJan 9
Latest updateMay 5

Description

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDmicrosoft/net_framework3.5, 3.5.1, 4.0+2

🔴Vulnerability Details

3
GHSA
GHSA-j63h-6q3w-pwc2: The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft2022-05-05
Kernel
HID: zeroplus: validate output report details2013-09-11
CVEList
CVE-2013-0005: The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft2013-01-09
CVE-2013-0005 — Improper Input Validation in Microsoft | cvebase