Vulnerability CVE-2010-3332

Vulnerability Name:

CVE-2010-3332 (CCN-61898)

Assigned:

2010-09-17

Published:

2010-09-17

Updated:

2020-11-23

Summary:

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."

CVSS v3 Severity:

9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N)
7.8 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-209

Vulnerability Consequences:

Obtain Information

References:

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*

OR cpe:/a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*

OR cpe:/a:microsoft:.net_framework:4.0:-:*:*:*:*:*:*

AND

cpe:/a:microsoft:internet_information_services:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*

OR cpe:/a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*

OR cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*

OR cpe:/a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:*

OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*

OR cpe:/a:microsoft:asp.net:3.5:*:*:*:*:*:*:*

OR cpe:/a:microsoft:.net_framework:4.0:-:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42399	P	Security update for the Linux Kernel (Important)	2022-06-24
oval:org.opensuse.security:def:42400	P	Security update for the Linux Kernel (Important)	2022-06-24
oval:org.opensuse.security:def:20103332	V	CVE-2010-3332	2022-05-20
oval:org.opensuse.security:def:42192	P	Security update for containerd, docker (Moderate)	2022-02-04
oval:org.opensuse.security:def:26221	P	Security update for python-numpy (Moderate) (in QA)	2022-01-17
oval:org.opensuse.security:def:26218	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:31721	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:32235	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:31710	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:26172	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:31709	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:31706	P	Security update for postgresql96 (Important)	2021-11-22
oval:org.opensuse.security:def:32213	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:26134	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:32183	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:32999	P	Security update for grilo (Important)	2021-09-09
oval:org.opensuse.security:def:31264	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:31677	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:26119	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:32174	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:32172	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:31253	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:32171	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:32163	P	Security update for MozillaFirefox (Important)	2021-08-17
oval:org.opensuse.security:def:32955	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:32956	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:33676	P	Security update for xterm (Important)	2021-06-18
oval:org.opensuse.security:def:32125	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:26077	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:36381	P	bytefx-data-mysql-2.6.7-0.13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42650	P	mono-core-2.6.7-0.13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36243	P	mono-core-2.6.7-0.13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26067	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:32932	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:26053	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:32917	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:31619	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:32076	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:33637	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:32072	P	Security update for xen (Important)	2021-04-19
oval:org.opensuse.security:def:32069	P	Security update for xorg-x11-server (Important)	2021-04-14
oval:org.opensuse.security:def:32893	P	Security update for wpa_supplicant (Moderate)	2021-04-09
oval:org.opensuse.security:def:26215	P	Security update for openssl-1_1 (Important)	2021-03-25
oval:org.opensuse.security:def:32279	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:28950	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:32259	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:31338	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:31252	P	Security update for openvswitch (Important)	2021-02-02
oval:org.opensuse.security:def:26111	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:32019	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:32006	P	Security update for mutt (Important)	2020-12-07
oval:org.opensuse.security:def:31562	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:35992	P	mono-core-2.6.7-0.7.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35993	P	mono-core-2.6.7-0.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35785	P	mono-core-2.6.7-0.7.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25554	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:31769	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26560	P	gstreamer-0_10-plugins-base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25931	P	Security update for libcares2 (Low)	2020-12-01
oval:org.opensuse.security:def:32393	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:31862	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26274	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25746	P	Security update for openssl-1_1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26648	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26006	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25761	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31967	P	Security update for intel-SINIT (Important)	2020-12-01
oval:org.opensuse.security:def:26956	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25884	P	Security update for lhasa (Moderate)	2020-12-01
oval:org.opensuse.security:def:32375	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26706	P	ghostscript-fonts-other on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25965	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:32028	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25336	P	Security update for gcc10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31470	P	Security update for ppp	2020-12-01
oval:org.opensuse.security:def:26369	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32463	P	Security update for xorg-x11-libXpm (Moderate)	2020-12-01
oval:org.opensuse.security:def:27379	P	bytefx-data-mysql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25792	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:31795	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:28595	P	Security update for PostgreSQL	2020-12-01
oval:org.opensuse.security:def:32710	P	libexiv2-4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25411	P	Security update for u-boot (Important)	2020-12-01
oval:org.opensuse.security:def:31826	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26471	P	Security update for Mozilla Thunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:32529	P	gzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25804	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28801	P	Security update for openssh (Critical)	2020-12-01
oval:org.opensuse.security:def:28162	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25620	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:26524	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33206	P	mono-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31459	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:25996	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:32631	P	amavisd-new on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28889	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26784	P	mono-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28239	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:25968	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:27206	P	libpixman-1-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31471	P	Security update for ppp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26272	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:32844	P	cvs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28454	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25543	P	Security update for libgxps (Moderate)	2020-12-01
oval:org.opensuse.security:def:26507	P	Security update for cacti, cacti-spine (Important)	2020-12-01
oval:org.opensuse.security:def:29624	P	Security update for Mono	2020-12-01
oval:org.opensuse.security:def:25930	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:26260	P	Security update for Mesa (Moderate)	2020-12-01
oval:org.opensuse.security:def:25618	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:26609	P	libxslt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25942	P	Security update for gstreamer-0_10-plugins-bad (Moderate)	2020-12-01
oval:org.opensuse.security:def:32487	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31918	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26318	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:25827	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:32319	P	Security update for ruby (Moderate)	2020-12-01
oval:org.opensuse.security:def:26662	P	PackageKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25912	P	Security update for zziplib (Moderate)	2020-12-01
oval:org.opensuse.security:def:26991	P	mono-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25335	P	Security update for u-boot (Important)	2020-12-01
oval:org.opensuse.security:def:32424	P	Security update for wpa_supplicant (Important)	2020-12-01
oval:org.opensuse.security:def:27344	P	libcurl4-openssl1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28511	P	Security update for openssl1 (Important)	2020-12-01
oval:org.opensuse.security:def:26014	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25347	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:26422	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32485	P	PolicyKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25793	P	Security update for icedtea-web (Moderate)	2020-12-01
oval:org.opensuse.security:def:31927	P	Security update for giflib (Moderate)	2020-12-01
oval:org.opensuse.security:def:28747	P	Security update for libksba	2020-12-01
oval:org.opensuse.security:def:32749	P	mono-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28161	P	Security update for kernel-source (Moderate)	2020-12-01
oval:org.opensuse.security:def:25539	P	Security update for dbus-1 (Important)	2020-12-01
oval:org.opensuse.security:def:31913	P	Security update for gcc5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26510	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:33167	P	libnewt0_52 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25868	P	Security update for pcre (Moderate)	2020-12-01
oval:org.opensuse.security:def:32544	P	libMagickCore1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28850	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:26749	P	libgtop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28173	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25677	P	Security update for raptor (Important)	2020-12-01
oval:org.opensuse.security:def:26568	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31460	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:32787	P	squidGuard on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28906	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:28369	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:27241	P	mono-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25542	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31545	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:26356	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:29588	P	Security update for php5	2020-12-01
oval:org.mitre.oval:def:12365	V	ASP.NET Padding Oracle Vulnerability	2014-08-18

BACK