QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2013-3860

Back to search

CVE-2013-3860

Published: Oct 9, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."

VendorProductVersions

n/a

n/a

affected
n/a

References

MS13-082
vendor-advisory
x_refsource_MS
oval:org.mitre.oval:def:18517
vdb-entry
signature
x_refsource_OVAL
TA13-288A
third-party-advisory
x_refsource_CERT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now