ASP.NET Padding Oracle Vulnerability

oval:org.mitre.oval:def:12365

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."

Family: windows
Status: ACCEPTED
Platform(s):
  • Microsoft Windows Vista
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows XP
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
Class: vulnerability
Reference(s):
  • CVE-2010-3332
Product(s):
  • Microsoft .NET Framework