CVE-2010-3332
Published Sep 22, 2010
Last updated 4 years ago
Overview
- Description
- Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
- Source
- secure@microsoft.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-209
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C610747-93E5-4014-8ED2-47F333174832"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68C3652F-6730-44B0-8200-FA51D935BBA0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_information_services:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "866547A0-AC34-41F8-A6AA-E8D820237C0B"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]