MS13-007 Vulnerability in Open Data Protocol Could Allow Denial of Service
2013-01-08 This security update resolves a privately reported vulnerability in the Open Data (OData) protocol. The vulnerability could allow denial of service if an unauthenticated attacker sends specially crafted HTTP requests to an affected site. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Replace Denial of Service Vulnerability
- A denial of service vulnerability exists in the OData specification that could allow denial of service. The vulnerability could cause the server or service to stop responding and restart.
CVE-2013-0005
Bulletin details at Microsoft.com
Related CVE Entries
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
Max CVSS
7.8
EPSS Score
59.02%
Published
2013-01-09
Updated
2023-12-07