Back to search
CVE-2010-3332
Published: Sep 22, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.ekoparty.org/juliano-rizzo-2010.php
x_refsource_MISC
oval:org.mitre.oval:def:12365
vdb-entry
signature
x_refsource_OVAL
ADV-2010-2751
vdb-entry
x_refsource_VUPEN
41409
third-party-advisory
x_refsource_SECUNIA
43316
vdb-entry
x_refsource_BID
http://www.mono-project.com/Vulnerabilities#ASP.NET_Padding_Oracle
x_refsource_CONFIRM
http://www.microsoft.com/technet/security/advisory/2416728.mspx
x_refsource_CONFIRM
1024459
vdb-entry
x_refsource_SECTRACK
http://isc.sans.edu/diary.html?storyid=9568
x_refsource_MISC
ADV-2010-2429
vdb-entry
x_refsource_VUPEN
MS10-070
vendor-advisory
x_refsource_MS
http://twitter.com/thaidn/statuses/24832350146
x_refsource_MISC
ms-aspdotnet-padding-info-disclosure(61898)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now