This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The version of the .NET Framework installed on the remote host is
affected by multiple vulnerabilities.
The remote Windows host is running a version of the Microsoft .NET
Framework that is affected by multiple vulnerabilities :
- A spoofing vulnerability exists that could allow an
attacker to modify the contents of an XML file without
invalidating the signature associated with the file.
- An authentication bypass vulnerability exists because of
the way the Microsoft .NET framework improperly creates
policy requirements for authentication when setting up
WCF endpoint authentication. A remote attacker who
exploited this vulnerability may be able to steal
information or take actions in the context of an
authenticated user. (CVE-2013-1337)
See also :
Microsoft has released a set of patches for .NET Framework 2.0 SP2,
3.5.1, 4.0, and 4.5.
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 4.7
Public Exploit Available : false
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 66415 ()
Bugtraq ID: 5978959790
CVE ID: CVE-2013-1336CVE-2013-1337
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.