Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-3332

Опубликовано: 22 сент. 2010
Источник: nvd
CVSS2: 6.4
EPSS Высокий

Описание

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.0:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.85142
Высокий

6.4 Medium

CVSS2

Дефекты

CWE-209

Связанные уязвимости

github логотип

GHSA-crcj-w6h9-q5f6

github
больше 3 лет назад

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."

EPSS

Процентиль: 99%
0.85142
Высокий

6.4 Medium

CVSS2

Дефекты

CWE-209