CVE-2013-0005
Microsoft .NET Framework 3.5-4 - Denial of Service via WCF Replace Function
Title source: llmDescription
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
References (3)
Core 3
Core References
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16282
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-007
Scores
EPSS
0.3210
EPSS Percentile
98.1%
Details
CWE
CWE-20
Status
published
Products (4)
microsoft/.net_framework
3.5 (2 CPE variants)
microsoft/.net_framework
3.5.1
microsoft/.net_framework
4.0
microsoft/management_odata_iis_extension
Published
Jan 09, 2013
Tracked Since
Feb 18, 2026