Improper input validation in Microsoft Management_odata_iis_extension
CVE-2013-0005
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.653 (98.5th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Management_odata_iis_extension
- Microsoft .Net_framework — versions 3.5, 3.5.1, 4.0
- Microsoft Windows_7
- Microsoft Windows_8
- Microsoft Windows_server_2003
- Microsoft Windows_server_2008 — versions r2
- Microsoft Windows_server_2012
- Microsoft Windows_vista
- Microsoft Windows_xp — versions sp2
- N/a — versions n/a
Weakness classification (CWE)
References
- TA13-008A (US Government Resource, x_refsource_CERT, third-party-advisory)
- oval:org.mitre.oval:def:16282 (x_refsource_OVAL, signature, vdb-entry)
- MS13-007 (x_refsource_MS, vendor-advisory)