Main Vulnerability Database SB2010091701

SB2010091701 - Information disclosure in ASP.NET

Published: September 17, 2010

Security Bulletin ID SB2010091701

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2010-3332)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to improper handling of errors during encryption padding verification. A remote attacker can gain access to potentially sensitive encrypted information, such as view state, read files and possibly forge cookies.

Successful exploitation of the vulnerability may allow an attacker to gain access to sensitive information and potentially compromise vulnerable web application.

Note: this vulnerability is being publicly exploited.

Remediation

Install update from vendor's website.

SB2010091701 - Information disclosure in ASP.NET

Breakdown by Severity

Description

Remediation

References

Please verify you're human