cve-2013-1336
Vulnerability from cvelistv5
Published
2013-05-15 01:00
Modified
2024-08-06 14:57
Severity ?
EPSS score ?
Summary
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:57:05.116Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA13-134A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-134A", }, { name: "MS13-040", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040", }, { name: "oval:org.mitre.oval:def:16559", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16559", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-05-14T00:00:00", descriptions: [ { lang: "en", value: "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka \"XML Digital Signature Spoofing Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "TA13-134A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-134A", }, { name: "MS13-040", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040", }, { name: "oval:org.mitre.oval:def:16559", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16559", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-1336", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka \"XML Digital Signature Spoofing Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA13-134A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-134A", }, { name: "MS13-040", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040", }, { name: "oval:org.mitre.oval:def:16559", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16559", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-1336", datePublished: "2013-05-15T01:00:00", dateReserved: "2013-01-12T00:00:00", dateUpdated: "2024-08-06T14:57:05.116Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"42A6DF09-B8E1-414D-97E7-453566055279\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EDC4407-7E92-4E60-82F0-0C87D1860D3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"792B417F-96A0-4E9D-9E79-5D7F982E2225\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61FAD9EE-FA7F-4B39-8A9B-AFFAEC8BF214\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka \\\"XML Digital Signature Spoofing Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"El Common Language Runtime (CLR) en Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, y 4.5, no valida adecuadamente las firmas, lo que permite a atacantes remotos modificar sin ser detectados documentos XML firmados. Esto se realiza a trav\\u00e9s de vectores no especificados que conservan la validez de la firma. Aka \\\"XML Digital Signature Spoofing Vulnerability.\\\"\"}]", id: "CVE-2013-1336", lastModified: "2024-11-21T01:49:23.117", metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2013-05-15T03:36:34.403", references: "[{\"url\": \"http://www.us-cert.gov/ncas/alerts/TA13-134A\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16559\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/ncas/alerts/TA13-134A\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16559\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2013-1336\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2013-05-15T03:36:34.403\",\"lastModified\":\"2024-11-21T01:49:23.117\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka \\\"XML Digital Signature Spoofing Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"El Common Language Runtime (CLR) en Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, y 4.5, no valida adecuadamente las firmas, lo que permite a atacantes remotos modificar sin ser detectados documentos XML firmados. Esto se realiza a través de vectores no especificados que conservan la validez de la firma. Aka \\\"XML Digital Signature Spoofing Vulnerability.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"42A6DF09-B8E1-414D-97E7-453566055279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EDC4407-7E92-4E60-82F0-0C87D1860D3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"792B417F-96A0-4E9D-9E79-5D7F982E2225\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61FAD9EE-FA7F-4B39-8A9B-AFFAEC8BF214\"}]}]}],\"references\":[{\"url\":\"http://www.us-cert.gov/ncas/alerts/TA13-134A\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16559\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/ncas/alerts/TA13-134A\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.