CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-1337

Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.238

EPSS Ranking 95.7%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.us-cert.gov/ncas/alerts/TA13-134A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16741
http://www.us-cert.gov/ncas/alerts/TA13-134A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16741

Products affected by CVE-2013-1337

Microsoft » .net Framework » Version: 4.5

cpe:2.3:a:microsoft:.net_framework:4.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-1337

Products

Pricing

Contact Us