CVE-2013-0005: Input Validation
First published: Wed Jan 09 2013(Updated: )
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Microsoft .NET Framework 4 | =3.5 | |
| Any of | ||
| Microsoft Windows 8.0 | ||
| Microsoft Windows 8.0 | ||
| Microsoft Windows Server | ||
| All of | ||
| Microsoft .NET Framework 4 | =3.5-sp1 | |
| Any of | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2-professional | |
| All of | ||
| Microsoft .NET Framework 4 | =3.5.1 | |
| Any of | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| All of | ||
| Microsoft .NET Framework 4 | =4.0 | |
| Any of | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2-professional | |
| All of | ||
| Microsoft Management OData IIS Extension | ||
| Microsoft Windows Server | ||
| Microsoft .NET Framework 4 | =3.5 | |
| Microsoft Windows 8.0 | ||
| Microsoft Windows 8.0 | ||
| Microsoft Windows Server | ||
| Microsoft .NET Framework 4 | =3.5-sp1 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2-professional | |
| Microsoft .NET Framework 4 | =3.5.1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft .NET Framework 4 | =4.0 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Management OData IIS Extension |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-0005?
CVE-2013-0005 has a severity rating that indicates a potential denial of service vulnerability affecting specific versions of Microsoft .NET Framework and the Management OData IIS Extension.
How do I fix CVE-2013-0005?
To fix CVE-2013-0005, you should update your Microsoft .NET Framework or Management OData IIS Extension to the latest security patches provided by Microsoft.
Which systems are affected by CVE-2013-0005?
CVE-2013-0005 affects Microsoft .NET Framework versions 3.5, 3.5 SP1, 3.5.1, and 4, as well as the Management OData IIS Extension on Windows Server 2012.
What kind of attacks are possible with CVE-2013-0005?
CVE-2013-0005 allows remote attackers to potentially cause a denial of service through resource consumption and daemon restarts.
Is there a workaround for CVE-2013-0005?
While it is recommended to apply the available security updates, in the meantime, limiting access to the affected services may mitigate the risk associated with CVE-2013-0005.
- agent/type
- agent/severity
- agent/weakness
- agent/description
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft .net framework 4
- version/microsoft .net framework 4/3.5
- canonical/microsoft windows 8.0
- canonical/microsoft windows server
- version/microsoft .net framework 4/3.5-sp1
- version/microsoft windows server/sp2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp3
- version/microsoft windows xp/sp2-professional
- version/microsoft .net framework 4/3.5.1
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- version/microsoft windows server/r2
- version/microsoft .net framework 4/4.0
- version/microsoft windows server/r2-sp1
- canonical/microsoft management odata iis extension