Lucene search

[email protected]CVE-2013-1337

HistoryMay 15, 2013 - 3:36 a.m.

CVE-2013-1337

2013-05-1503:36:34

CWE-287

[email protected]

web.nvd.nist.gov

microsoft

.net framework

wcf

authentication

bypass

cve-2013-1337

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.458 Medium

EPSS

Percentile

97.4%

JSON

Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka “Authentication Bypass Vulnerability.”

Affected configurations

NVD

Node

microsoft.net_frameworkMatch4.5

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq4.5

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	4.5

References

www.us-cert.gov/ncas/alerts/TA13-134A

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16741

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.458 Medium

EPSS

Percentile

97.4%

JSON

Related for CVE-2013-1337

prion1 symantec1 cvelist1 seebug1 nvd1 openvas2 nessus1 mskb1 securityvulns1