ID CVE-2010-3332
Summary Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
References
Vulnerable Configurations
  • Microsoft .NET Framework Version 1.0, Service Pack 3
    cpe:2.3:a:microsoft:.net_framework:1.0:sp3
  • Microsoft .NET Framework Version 1.1 Service Pack 1
    cpe:2.3:a:microsoft:.net_framework:1.1:sp1
  • Microsoft .NET Framework 2.0 Service Pack 1
    cpe:2.3:a:microsoft:.net_framework:2.0:sp1
  • Microsoft .NET Framework 2.0 Service Pack 2
    cpe:2.3:a:microsoft:.net_framework:2.0:sp2
  • Microsoft .net Framework 3.5
    cpe:2.3:a:microsoft:.net_framework:3.5
  • Microsoft .NET Framework 3.5 Service Pack 1
    cpe:2.3:a:microsoft:.net_framework:3.5:sp1
  • Microsoft .net Framework 3.5.1
    cpe:2.3:a:microsoft:.net_framework:3.5.1
  • Microsoft .NET Framework 4.0
    cpe:2.3:a:microsoft:.net_framework:4.0
  • Microsoft Internet Information Services (IIS)
    cpe:2.3:a:microsoft:iis
CVSS
Base: 5.0 (as of 22-09-2010 - 18:31)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity NONE
Availability NONE
exploit-db via4
  • description MS10-070 ASP.NET Padding Oracle File Download. CVE-2010-3332. Remote exploit for asp platform
    id EDB-ID:15265
    last seen 2016-02-01
    modified 2010-10-17
    published 2010-10-17
    reporter Agustin Azubel
    source https://www.exploit-db.com/download/15265/
    title ASP.NET Padding Oracle File Download MS10-070
  • description ASP.NET Padding Oracle Vulnerability (MS10-070). CVE-2010-3332. Remote exploit for asp platform
    id EDB-ID:15213
    last seen 2016-02-01
    modified 2010-10-06
    published 2010-10-06
    reporter Giorgio Fedon
    source https://www.exploit-db.com/download/15213/
    title ASP.NET Padding Oracle Vulnerability MS10-070
  • description MS10-070 ASP.NET Auto-Decryptor File Download Exploit. CVE-2010-3332. Remote exploit for windows platform
    id EDB-ID:15292
    last seen 2016-02-01
    modified 2010-10-20
    published 2010-10-20
    reporter Agustin Azubel
    source https://www.exploit-db.com/download/15292/
    title ASP.NET Auto-Decryptor File Download Exploit MS10-070
msbulletin via4
bulletin_id MS10-070
bulletin_url
date 2010-09-28T00:00:00
impact Information Disclosure
knowledgebase_id 2418042
knowledgebase_url
severity Important
title Vulnerability in ASP.NET Could Allow Information Disclosure
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_BYTEFX-DATA-MYSQL-8001.NASL
    description The FORMS authentication methods of the Mono ASP.NET implementation were vulnerable to a padding oracle attack as described in CVE-2010-3332, as they did encryption after checksum. This update changes the method to checksum after encryption to avoid this attack.
    last seen 2019-01-16
    modified 2012-06-14
    plugin id 58408
    published 2012-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58408
    title SuSE 10 Security Update : Mono (ZYPP Patch Number 8001)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_BYTEFX-DATA-MYSQL-110331.NASL
    description The following security bugs have been fixed : - Mono was vulnerable to a padding oracle attack. (CVE-2010-3332) - Mono loaded shared libraries from the current directory. (CVE-2010-4159)
    last seen 2018-09-02
    modified 2013-10-25
    plugin id 53528
    published 2011-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53528
    title SuSE 11.1 Security Update : Mono (SAT Patch Number 4260)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS10-070.NASL
    description There is an information disclosure vulnerability in ASP.NET, part of the .NET framework. Information can be leaked due to improper error handling during encryption padding. A remote attacker could exploit this to decrypt and modify an ASP.NET application's server-encrypted data. In .NET Framework 3.5 SP1 and above, an attacker could exploit this to download any file within the ASP.NET application, including web.config.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 49695
    published 2010-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49695
    title MS10-070: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-13 (Mono: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mono and Mono debugger. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code, bypass general constraints, obtain the source code for .aspx applications, obtain other sensitive information, cause a Denial of Service, modify internal data structures, or corrupt the internal state of the security manager. A local attacker could entice a user into running Mono debugger in a directory containing a specially crafted library file to execute arbitrary code with the privileges of the user running Mono debugger. A context-dependent attacker could bypass the authentication mechanism provided by the XML Signature specification. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-11
    plugin id 59651
    published 2012-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59651
    title GLSA-201206-13 : Mono: Multiple vulnerabilities
  • NASL family CGI abuses
    NASL id PADDING_ORACLE.NASL
    description By manipulating the padding on an encrypted string, Nessus was able to generate an error message that indicates a likely 'padding oracle' vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Faces, and Mono. An attacker may exploit this issue to decrypt data and recover encryption keys, potentially viewing and modifying confidential data. Note that this plugin should detect the MS10-070 padding oracle vulnerability in ASP.net if CustomErrors are enabled.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 50413
    published 2010-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50413
    title CGI Generic Padding Oracle
  • NASL family Windows
    NASL id PADDING_ORACLE_MS10-070.NASL
    description There is an information disclosure vulnerability in ASP.NET, part of the .NET framework. Information can be leaked due to improper error handling during encryption padding. A remote attacker could exploit this to decrypt and modify an ASP.NET application's server-encrypted data. In .NET Framework 3.5 SP1 and above, an attacker could exploit this to download any file within the ASP.NET application, including web.config.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 49806
    published 2010-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49806
    title MS10-070: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) (uncredentialed check)
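Worked example for the mechanism in the summary above (detailed error codes during decryption let a remote attacker decrypt __VIEWSTATE via a padding oracle) and for the "checksum after encryption" change described in the Mono plugin entry. This is an added illustration, not code from the CVE record, from Microsoft or from the Mono project. The token layout, key handling and error strings ("bad padding", "bad mac", "invalid token") are this example's own simplified model and are not ASP.NET's actual ViewState format or error codes. Python's standard library has no AES, so the 16-byte block cipher is a stand-in (a 4-round Feistel network keyed with HMAC-SHA256); the attack uses only the CBC chaining and PKCS#7 padding and would run unchanged against AES-CBC. seal_vulnerable/open_vulnerable is the MAC-then-encrypt shape in which a padding failure is reported differently from a MAC failure; make_oracle turns that difference into the one bit an attacker needs (the same distinguishing signal the generic Nessus padding-oracle check looks for); padding_oracle_decrypt recovers every block's plaintext without the key; seal_fixed/open_fixed is the encrypt-then-MAC shape that authenticates IV and ciphertext before decrypting and returns a single error for every rejected token.

```python
"""CBC padding oracle on a ViewState-style token (the CVE-2010-3332 pattern) and the
encrypt-then-MAC repair.  Added example; not code from the CVE record, Microsoft or Mono.
The block cipher is a stdlib-only stand-in for AES (4-round Feistel, HMAC-SHA256 rounds)."""
import hashlib, hmac, os
BLOCK, HALF, TAG = 16, 8, 32

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # keyed Feistel round function, one half block wide
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]

def _block(key, b, decrypt=False):  # stand-in block cipher; the attack never depends on it
    l, r = b[:HALF], b[HALF:]
    for i in (reversed(range(4)) if decrypt else range(4)):
        l, r = (_xor(r, _f(key, i, l)), l) if decrypt else (r, _xor(l, _f(key, i, r)))
    return l + r

def _pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def _unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def _cbc(key, iv, data, encrypt):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        cur = _block(key, _xor(blk, prev)) if encrypt else _xor(_block(key, blk, True), prev)
        out += cur
        prev = cur if encrypt else blk  # CBC chains on the ciphertext block
    return out

# Vulnerable shape: MAC-then-encrypt, and a padding failure is reported distinctly.
def seal_vulnerable(enc_key, mac_key, state):
    iv = os.urandom(BLOCK)
    tag = hmac.new(mac_key, state, hashlib.sha256).digest()
    return iv + _cbc(enc_key, iv, _pad(state + tag), True)

def open_vulnerable(enc_key, mac_key, token):
    body = _unpad(_cbc(enc_key, token[:BLOCK], token[BLOCK:], False))  # may raise "bad padding"
    state, tag = body[:-TAG], body[-TAG:]
    if not hmac.compare_digest(hmac.new(mac_key, state, hashlib.sha256).digest(), tag):
        raise ValueError("bad mac")  # a different error: that difference is the oracle
    return state

# Fixed shape: encrypt-then-MAC, verify before decrypting, one error for every rejection.
def seal_fixed(enc_key, mac_key, state):
    iv = os.urandom(BLOCK)
    body = iv + _cbc(enc_key, iv, _pad(state), True)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_fixed(enc_key, mac_key, token):
    body, tag = token[:-TAG], token[-TAG:]
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), tag):
        raise ValueError("invalid token")
    return _unpad(_cbc(enc_key, body[:BLOCK], body[BLOCK:], False))

def make_oracle(open_fn, enc_key, mac_key):  # attacker's only signal: padding error or not?
    def oracle(token):
        try:
            return open_fn(enc_key, mac_key, token) is not None
        except ValueError as e:
            return str(e) != "bad padding"
    return oracle

def padding_oracle_decrypt(oracle, token):
    """Recover the padded plaintext of IV||CT, one block at a time, last byte first."""
    blocks = [token[i:i + BLOCK] for i in range(0, len(token), BLOCK)]
    plain = b""
    for prev, target in zip(blocks, blocks[1:]):
        inter = bytearray(BLOCK)  # D(target), i.e. the block before its CBC xor with prev
        for pos in range(BLOCK - 1, -1, -1):
            pad = BLOCK - pos
            forged = bytearray(inter[j] ^ pad if j > pos else 0 for j in range(BLOCK))
            for guess in range(256):
                forged[pos] = guess
                if oracle(bytes(forged) + target):
                    # Last byte only: a hit may be an accidental 02 02 run; alter byte 14, recheck.
                    alt = bytes(forged[:-2]) + bytes([forged[-2] ^ 0xFF, guess])
                    if pos < BLOCK - 1 or oracle(alt + target):
                        inter[pos] = guess ^ pad
                        break
        plain += _xor(bytes(inter), prev)
    return plain

def tamper_errors(open_fn, enc_key, mac_key, token):  # distinct errors when each byte is flipped
    seen = set()
    for i in range(len(token)):
        try:
            open_fn(enc_key, mac_key, token[:i] + bytes([token[i] ^ 0xFF]) + token[i + 1:])
        except ValueError as e:
            seen.add(str(e))
    return seen
```

With random keys k1, k2 and a token from seal_vulnerable, padding_oracle_decrypt(make_oracle(open_vulnerable, k1, k2), token) returns the full padded plaintext, and _unpad(...)[:-TAG] is the original state, recovered from roughly 16 * 128 oracle queries per block and no key material. tamper_errors(open_vulnerable, ...) returns both "bad padding" and "bad mac", which is the distinguishable behaviour the summary describes; tamper_errors(open_fixed, ...) returns only "invalid token". The repair is the order of operations, not the error text alone: open_fixed verifies the MAC over IV and ciphertext with hmac.compare_digest before any decryption or unpadding happens, so a forged token never reaches the code path whose failure would leak information, and a timing difference between the two checks cannot reintroduce the oracle.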
oval via4
accepted 2014-08-18T04:00:27.401-04:00
class vulnerability
contributors
  • name Josh Turpin
    organization Symantec Corporation
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft .NET Framework 1.1 Service Pack 1 is Installed
    oval oval:org.mitre.oval:def:1834
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft .NET Framework 2.0 Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6158
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft .NET Framework 2.0 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:6428
  • comment Microsoft .NET Framework 3.5 Original Release is installed
    oval oval:org.mitre.oval:def:6689
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft .NET Framework 3.5 Original Release is installed
    oval oval:org.mitre.oval:def:6689
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft .NET Framework 3.5 SP1 is installed
    oval oval:org.mitre.oval:def:12542
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft .NET Framework 4.0 Full is installed
    oval oval:org.mitre.oval:def:12623
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft .NET Framework 2.0 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:6428
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft .NET Framework 2.0 Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6158
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft .NET Framework 2.0 Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6158
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft .NET Framework 3.5 SP1 is installed
    oval oval:org.mitre.oval:def:12542
description Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
family windows
id oval:org.mitre.oval:def:12365
status accepted
submitted 2011-02-09T13:00:00
title ASP.NET Padding Oracle Vulnerability
version 45
refmap via4
bid 43316
confirm
misc
ms MS10-070
sectrack 1024459
secunia 41409
vupen
  • ADV-2010-2429
  • ADV-2010-2751
xf ms-aspdotnet-padding-info-disclosure(61898)
Last major update 03-10-2011 - 00:00
Published 22-09-2010 - 15:00
Last modified 12-10-2018 - 17:58