This script is Copyright (C) 2013 Tenable Network Security, Inc.
The version of the .NET Framework installed on the remote host is
affected by multiple vulnerabilities.
The remote Windows host is running a version of the Microsoft .NET
Framework that is affected by multiple vulnerabilities :
- A spoofing vulnerability exists that could allow an
attacker to modify the contents of an XML file without
invalidating the signature associated with the file.
- An authentication bypass vulnerability exists because of
the way the Microsoft .NET framework improperly creates
policy requirements for authentication when setting up
WCF endpoint authentication. A remote attacker who
exploited this vulnerability may be able to steal
information or take actions in the context of an
authenticated user. (CVE-2013-1337)
See also :
Microsoft has released a set of patches for .NET Framework 2.0 SP2,
3.5.1, 4.0, and 4.5.
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 4.7
Public Exploit Available : false