PT-2013-2085 · Microsoft · Sharepoint Server 2013

Published: 2013-09-11 · Updated: 2018-10-12 · CVE-2013-0081

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Microsoft SharePoint Portal Server 2003 SP3
Microsoft SharePoint Server 2007 SP3
Microsoft SharePoint Server 2010 SP1
Microsoft SharePoint Server 2010 SP2
Microsoft SharePoint Server 2013

Description

A denial of service issue exists due to improper processing of unassigned workflows, allowing remote attackers to cause a denial of service via a crafted URL. This can lead to the W3WP process hanging, making the SharePoint site and other sites under the same process unavailable until the process is restarted.

Recommendations

For Microsoft SharePoint Portal Server 2003 SP3, update to a version that properly processes unassigned workflows.
For Microsoft SharePoint Server 2007 SP3, update to a version that properly processes unassigned workflows.
For Microsoft SharePoint Server 2010 SP1, update to a version that properly processes unassigned workflows.
For Microsoft SharePoint Server 2010 SP2, update to a version that properly processes unassigned workflows.
For Microsoft SharePoint Server 2013, update to a version that properly processes unassigned workflows.

As a temporary workaround, consider restricting access to crafted URLs that could exploit the denial of service vulnerability until a patch is available.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2013-0081

Affected Products

Sharepoint Portal Server 2003
Sharepoint Server 2007
Sharepoint Server 2010
Sharepoint Server 2013
Sharepoint Foundation
Sharepoint Server