HTTP: ASP.NET Padding Oracle Information Disclosure Vulnerability
This signature detects attempts to exploit a known vulnerability against ASP.NET. A successful attack can result in the attacker gaining unauthorized information about the target system without the victim's knowledge.
Extended Description
Microsoft .NET Framework is prone to an information-disclosure vulnerability in ASP.NET that affects SharePoint. Successful exploits will allow attackers to decrypt and gain access to potentially sensitive data encrypted by the server or read data from arbitrary files within an ASP.NET application. Obtained information may aid in further attacks. This issue affects Microsoft .NET Framework versions 4.0 and prior.
Affected Products
Avaya messaging_application_server,Microsoft sharepoint_server_2010_standard_edition
References
BugTraq: 43316
CVE: CVE-2010-3332
URL: http://www.microsoft.com/technet/security/advisory/2416728.mspx
Short Name
HTTP:INFO-LEAK:ASP-ORACLE-PAD
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ASP.NET CVE-2010-3332 Disclosure Information Oracle Padding Vulnerability bid:43316
Release Date
09/21/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
Gentoo
Avaya
CVSS Score
5.0