Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2010-3332
Description:Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
Test IDs: 1.3.6.1.4.1.25623.1.0.901161   1.3.6.1.4.1.25623.1.1.4.2012.0393.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2010-3332
BugTraq ID: 43316
http://www.securityfocus.com/bid/43316
http://isc.sans.edu/diary.html?storyid=9568
http://pentonizer.com/general-programming/aspnet-poet-vulnerability-what-else-can-i-do/
http://threatpost.com/en_us/blogs/new-crypto-attack-affects-millions-aspnet-apps-091310
http://twitter.com/thaidn/statuses/24832350146
http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryId/2799/Oracle-Padding-Vulnerability-in-ASP-NET.aspx
http://www.ekoparty.org/juliano-rizzo-2010.php
http://www.theinquirer.net/inquirer/news/1732956/security-researchers-destroy-microsoft-aspnet-security
http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html
Microsoft Security Bulletin: MS10-070
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12365
http://securitytracker.com/id?1024459
http://secunia.com/advisories/41409
http://www.vupen.com/english/advisories/2010/2429
http://www.vupen.com/english/advisories/2010/2751
XForce ISS Database: ms-aspdotnet-padding-info-disclosure(61898)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61898




© 1998-2021 E-Soft Inc. All rights reserved.