Detections
Analytics
MS13-103: Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
medium Nessus Plugin ID 71318
Language:
Synopsis
The remote host has an application that is affected by a cross-site scripting vulnerability.Description
The remote host is running a version of ASP.NET SignalR that is affected by a cross-site scripting vulnerability that results in privilege escalation. An attacker who successfully exploited this vulnerability could take any action that the targeted user could take on the site.Solution
Microsoft has released a set of patches for Visual Studio Team Foundation Server 2013 and ASP.NET SignalR.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-103
Plugin Details
Severity: Medium
ID: 71318
File Name: smb_nt_ms13-103.nasl
Version: 1.11
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 12/11/2013
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:microsoft:asp.net_signalr, cpe:/a:microsoft:visual_studio_team_foundation_server
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 12/10/2013
Vulnerability Publication Date: 12/10/2013
Reference Information
CVE: CVE-2013-5042
BID: 64093