Vulnerability Name: | CVE-2013-1337 (CCN-83879) | ||||||||
Assigned: | 2013-05-14 | ||||||||
Published: | 2013-05-14 | ||||||||
Updated: | 2018-10-12 | ||||||||
Summary: | Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability." | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-287 | ||||||||
Vulnerability Consequences: | Bypass Security | ||||||||
References: | Source: MITRE Type: CNA CVE-2013-1337 Source: CCN Type: SA53350 Microsoft .Net Framework Two Security Bypass Vulnerabilities Source: CCN Type: Microsoft Security Bulletin MS13-040 Vulnerabilities in .NET Framework Could Allow Spoofing (2836440) Source: CCN Type: Microsoft Security Bulletin MS13-082 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890) Source: CCN Type: Microsoft Security Bulletin MS15-080 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662) Source: CCN Type: Microsoft Security Bulletin MS15-097 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) Source: CCN Type: Microsoft Security Bulletin MS15-115 Security Update for Microsoft Windows to Address Remote Code Execution (3105864) Source: CCN Type: Microsoft Security Bulletin MS15-116 Security Updates for Microsoft Office to Address Remote Code Execution (3104540) Source: CCN Type: Microsoft Security Bulletin MS15-123 Security Update for Skype for Business and Lync to Address Information Disclosure (3105872) Source: CCN Type: Microsoft Security Bulletin MS15-128 Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503) Source: CCN Type: Microsoft Security Bulletin MS15-129 Security Update for Silverlight to Address Remote Code Execution (3106614) Source: CCN Type: Microsoft Security Bulletin MS15-131 Security Update for Microsoft Office to Address Remote Code Execution (3116111) Source: CCN Type: Microsoft Security Bulletin MS15-132 Security Update for Microsoft Windows to Address Remote Code Execution (3116162) Source: CCN Type: Microsoft Security Bulletin MS15-135 Security Update for Windows Kernel Mode Drivers to Address Elevation of Privilege (3119075) Source: CCN Type: Microsoft Security Bulletin MS16-004 Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585) Source: CCN Type: Microsoft Security Bulletin MS16-006 Security Update for Silverlight to Address Remote Code Execution (3126036) Source: CCN Type: Microsoft Security Bulletin MS16-008 Security Update for Kernel to Address Elevation of Privilege (3124605) Source: CCN Type: Microsoft Security Bulletin MS16-014 Security update for Microsoft Windows to Address Remote Code Execution (3134228) Source: CCN Type: Microsoft Security Bulletin MS16-015 Security Update for Microsoft Office to Address Remote Code Execution (3134226) Source: CCN Type: Microsoft Security Bulletin MS16-029 Security Update for Microsoft Office to Address Remote Code Execution (3141806) Source: CCN Type: Microsoft Security Bulletin MS16-031 Security Update for Microsoft Windows to Address Elevation of Privilege (3140410) Source: CCN Type: Microsoft Security Bulletin MS16-035 Security Update for .NET Framework to Address Security Feature Bypass (3141780) Source: CCN Type: Microsoft Security Bulletin MS16-042 Security Update for Microsoft Office (3148775) Source: CCN Type: Microsoft Security Bulletin MS16-044 Security Update for Windows OLE (3146706) Source: CCN Type: Microsoft Security Bulletin MS16-048 Security Update for CSRSS (3148528) Source: CCN Type: Microsoft Security Bulletin MS16-054 Security Update for Microsoft Office (3155544) Source: CCN Type: Microsoft Security Bulletin MS16-060 Security Update for Windows Kernel (3154846) Source: CCN Type: Microsoft Security Bulletin MS16-061 Security Update for Microsoft RPC (3155520) Source: CCN Type: Microsoft Security Bulletin MS16-070 Security Update for Office (3163610) Source: CCN Type: Microsoft Security Bulletin MS16-088 Security Updates for Office (3170008) Source: CCN Type: Microsoft Security Bulletin MS16-092 Security Update for Windows Kernel (3171910) Source: CCN Type: Microsoft Security Bulletin MS16-097 Security Update for Microsoft Graphics Component (3177393) Source: CCN Type: Microsoft Security Bulletin MS16-099 Security Update for Office (3177451) Source: CCN Type: Microsoft Security Bulletin MS16-106 Security Update for Microsoft Graphics Component (3185848) Source: CCN Type: Microsoft Security Bulletin MS16-107 Security Update for Microsoft Office (3185852) Source: CCN Type: Microsoft Security Bulletin MS16-109 Security Update for Silverlight (3182373) Source: CCN Type: Microsoft Security Bulletin MS16-111 Security Update for Windows Kernel (3186973) Source: CCN Type: Microsoft Security Bulletin MS16-120 Security Update for Microsoft Graphics Component (3192884) Source: CCN Type: Microsoft Security Bulletin MS16-121 Security Update for Microsoft Office (3194063) Source: CCN Type: Microsoft Security Bulletin MS16-122 Security Update for Microsoft Video Control (3195360) Source: CCN Type: Microsoft Security Bulletin MS16-123 Security Update for Kernel-Mode Drivers (3192892) Source: CCN Type: Microsoft Security Bulletin MS16-124 Security Update for Windows Registry (3193227) Source: CCN Type: Microsoft Security Bulletin MS16-126 Security Update for Microsoft Internet Messaging API (3196067) Source: CCN Type: Microsoft Security Bulletin MS16-131 Security Update for Microsoft Video Control (3199151) Source: CCN Type: Microsoft Security Bulletin MS16-133 Security Update for Microsoft Office (3199168) Source: CCN Type: Microsoft Security Bulletin MS16-139 Security Update for Windows Kernel (3199720) Source: CCN Type: Microsoft Security Bulletin MS16-148 Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS16-155 Security Update for .NET Framework (3205640) Source: CCN Type: Microsoft Security Bulletin MS17-002 Security Update for Microsoft Office (3214291) Source: CCN Type: Microsoft Security Bulletin MS17-006 Cumulative Security Update for Internet Explorer (4013073) Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014 Security Update for Microsoft Office (4013241) Source: CCN Type: BID-59790 Microsoft .NET Framework CVE-2013-1337 Authentication Bypass Vulnerability Source: CERT Type: Third Party Advisory, US Government Resource TA13-134A Source: MS Type: UNKNOWN MS13-040 Source: XF Type: UNKNOWN ms-dotnet-cve20131337-sec-bypass(83879) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:16741 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |