Severity: Medium | Published: Sep 22, 2010 | Modified: Apr 11, 2025

CVE-2010-3332

CVSS Score: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Description

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Confidentiality Partial
Integrity Partial
Availability None

Affected Software Configurations

  • cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_services:-:*:*:*:*:*:*:*

Weaknesses (CWE)

  • CWE-209

CVE History Timeline

Sep 22, 2010 22:31 Initial Analysis
Aug 17, 2017 01:32 CVE Modified
Sep 19, 2017 01:31 CVE Modified
Oct 12, 2018 21:58 CVE Modified
Nov 23, 2020 19:50 Modified Analysis
May 14, 2024 02:21 CVE Modified
Nov 21, 2024 01:18 CVE Modified