CVE-2013-0005

Microsoft .NET Framework 3.5-4 - Denial of Service via WCF Replace Function

Title source: llm
STIX 2.1

Description

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16282

Scores

EPSS 0.3210
EPSS Percentile 98.1%

Details

CWE
CWE-20
Status published
Products (4)
microsoft/.net_framework 3.5 (2 CPE variants)
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.0
microsoft/management_odata_iis_extension
Published Jan 09, 2013
Tracked Since Feb 18, 2026