CVE-2013-1337

Опубликовано: 15 мая 2013

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability."

Ссылки

http://www.us-cert.gov/ncas/alerts/TA13-134A
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16741
http://www.us-cert.gov/ncas/alerts/TA13-134A
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16741

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.22765

Средний

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-73vm-jqp4-fcg6

github

больше 3 лет назад