CVE-2013-0013 - Vulnerability Details

The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 7 Windows 8 Windows Rt Windows Server 2008 Windows Server 2012 Windows Vista

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_7:::x64:::::*
	cpe:2.3:o:microsoft:windows_7:::x86:::::*
	cpe:2.3:o:microsoft:windows_7::sp1:x64:::::
	cpe:2.3:o:microsoft:windows_7::sp1:x86:::::
	cpe:2.3:o:microsoft:windows_8:-:-:x64:::::*
	cpe:2.3:o:microsoft:windows_8:-:-:x86:::::*
	cpe:2.3:o:microsoft:windows_rt:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2008::r2:itanium:::::
	cpe:2.3:o:microsoft:windows_server_2008::r2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:itanium:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x86:::::
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_vista::sp2::::::*

No data.

References

Link	Providers
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16273

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2013-01-09T18:00:00

Updated: 2024-08-06T14:10:56.761Z

Reserved: 2012-11-27T00:00:00

Link: CVE-2013-0013

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-01-09T18:09:40.540

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-0013

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object