CVE-2013-0005

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 3.5 through 4 Management OData IIS Extension on Windows Server 2012

Description A denial of service issue exists in the OData protocol implementation, allowing remote attackers to cause a denial of service via crafted values in HTTP requests. This could cause the server or service to stop responding and restart.

Recommendations For Microsoft .NET Framework versions 3.5 through 4, update to a version that includes the fix for this issue. For Management OData IIS Extension on Windows Server 2012, restrict access to the OData endpoint to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the WCF Replace function in the Open Data protocol implementation until a patch is available.