1. Home
  2. CVE Database
  3. CVE-2013-0005
HIGH · 7.8

CVE-2013-0005

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, all...

Vulnerability Description

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C
Confidentiality
NONE
Integrity
NONE
Availability
COMPLETE

Affected Products

VendorProductVersions
Microsoft.Net Framework3.5
MicrosoftWindows 8-
MicrosoftWindows Server 2012-
MicrosoftWindows Server 2003All versions
MicrosoftWindows Server 2008All versions
MicrosoftWindows VistaAll versions
MicrosoftWindows XpAll versions
MicrosoftWindows 7All versions
MicrosoftManagement Odata Iis Extension-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2013-0005?

CVE-2013-0005 is a vulnerability with a CVSS score of 7.8 (HIGH). The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, all...

How severe is CVE-2013-0005?

CVE-2013-0005 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0005?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows Server 2003, Microsoft Windows Server 2008.