MS13-007  Vulnerability in Open Data Protocol Could Allow Denial of Service

2013-01-08 This security update resolves a privately reported vulnerability in the Open Data (OData) protocol. The vulnerability could allow denial of service if an unauthenticated attacker sends specially crafted HTTP requests to an affected site. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Vulnerabilities addressed in this bulletin:
Replace Denial of Service Vulnerability
A denial of service vulnerability exists in the OData specification that could allow denial of service. The vulnerability could cause the server or service to stop responding and restart.
CVE-2013-0005

Bulletin details at Microsoft.com

Related CVE Entries

CVE-2013-0005

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
Max CVSS
7.8
EPSS Score
59.02%
Published
2013-01-09
Updated
2023-12-07
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close