CVE-2013-1336

2013-05-1503:36:34

CWE-20

[email protected]

web.nvd.nist.gov

132

cve-2013-1336

xml

signature

spoofing

.net framework

remote attack

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.91 High

EPSS

Percentile

98.9%

JSON

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka “XML Digital Signature Spoofing Vulnerability.”

Affected configurations

NVD

Node

microsoft.net_frameworkMatch2.0sp2

microsoft.net_frameworkMatch3.5

microsoft.net_frameworkMatch3.5.1

microsoft.net_frameworkMatch4.0

microsoft.net_frameworkMatch4.5

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq2.0
microsoft:.net_frameworkmicrosoft .net frameworkeq3.5
microsoft:.net_frameworkmicrosoft .net frameworkeq3.5.1
microsoft:.net_frameworkmicrosoft .net frameworkeq4.0
microsoft:.net_frameworkmicrosoft .net frameworkeq4.5

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	2.0
microsoft:.net_framework	microsoft .net framework	eq	3.5
microsoft:.net_framework	microsoft .net framework	eq	3.5.1
microsoft:.net_framework	microsoft .net framework	eq	4.0
microsoft:.net_framework	microsoft .net framework	eq	4.5