Oval Definition:	oval:org.mitre.oval:def:16741
Revision Date: 2014-08-18 Version: 21 Title: Mircosoft .NET Framework authentication bypass vulnerability - (CVE-2013-1337) MS13-040 Description: Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2013-1337 Platform(s): Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Product(s): Microsoft .NET Framework 4.5 Definition Synopsis Microsoft .NET Framework 4.5 is installed AND Check for vulnerable file version Check for vulnerable OS/file version Check for vulnerable OS Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed AND Check for LDR/GDR Check if version of System.Security.dll is less than 4.0.30319.18038 OR Check for LDR Check if version of System.Security.dll is greater than or equal to 4.0.30319.19000 AND Check if version of System.Security.dll is less than 4.0.30319.19057 OR Check for vulnerable file version Check for vulnerable OS Microsoft Windows 8 is installed OR Microsoft Windows Server 2012 (64-bit) is installed AND Check for LDR/GDR Check if version of System.Security.dll is less than 4.0.30319.18039 OR Check for LDR Check if version of System.Security.dll is greater than or equal to 4.0.30319.19000 AND Check if version of System.Security.dll is less than 4.0.30319.19058
BACK