CVE-2013-0081

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.0MEDIUM

EPSS

78.4%

top 0.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Sharepoint Foundation Microsoft Sharepoint Portal Server Microsoft Sharepoint Server +1 more

Timeline

PublishedSep 11

Latest updateMay 5

Description

Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDmicrosoft/sharepoint_portal_server2003

▶NVDmicrosoft/sharepoint_server2007, 2010, 2013+2

▶NVDmicrosoft/sharepoint_services2.0, 3.0+1

▶NVDmicrosoft/sharepoint_foundation2010, 2013+1

🔴Vulnerability Details

GHSA

GHSA-3xgv-2qr4-qv6r: Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, w↗2022-05-05

▶

CVEList

CVE-2013-0081: Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, w↗2013-09-11

▶