Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:INFO-LEAK:ASP-ORACLE-PAD

Severity

 Medium

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 ASP.NET Padding Oracle Information Disclosure Vulnerability

Release Date

 2010/09/21

Update Number

 1777

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: ASP.NET Padding Oracle Information Disclosure Vulnerability


This signature detects attempts to exploit a known vulnerability against ASP.NET. A successful attack can result in the attacker gaining unauthorized information about the target system without the victim's knowledge.

Extended Description

Microsoft .NET Framework is prone to an information-disclosure vulnerability in ASP.NET that affects SharePoint. Successful exploits will allow attackers to decrypt and gain access to potentially sensitive data encrypted by the server or read data from arbitrary files within an ASP.NET application. Obtained information may aid in further attacks. This issue affects Microsoft .NET Framework versions 4.0 and prior.

Affected Products

  • Avaya Aura Conferencing 6.0
  • Avaya Aura Conferencing 6.0 Standard
  • Avaya CallPilot Unified Messaging
  • Avaya Communication Server 1000 Telephony Manager
  • Avaya Meeting Exchange - Client Registration Server
  • Avaya Meeting Exchange - Recording Server
  • Avaya Meeting Exchange - Streaming Server
  • Avaya Meeting Exchange - Web Conferencing Server
  • Avaya Meeting Exchange - Webportal
  • Avaya Messaging Application Server 4
  • Avaya Messaging Application Server 5
  • Avaya Messaging Application Server MM 1.1
  • Avaya Messaging Application Server MM 2.0
  • Avaya Messaging Application Server MM 3.0
  • Avaya Messaging Application Server MM 3.1
  • Avaya Messaging Application Server
  • Gentoo Linux
  • Microsoft .NET Framework 1.0
  • Microsoft .NET Framework 1.0 SP1
  • Microsoft .NET Framework 1.0 SP2
  • Microsoft .NET Framework 1.0 SP3
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 1.1 SP1
  • Microsoft .NET Framework 1.1 SP2
  • Microsoft .NET Framework 1.1 SP3
  • Microsoft .NET Framework 2.0
  • Microsoft .NET Framework 2.0 SP1
  • Microsoft .NET Framework 2.0 SP2
  • Microsoft .NET Framework 3.0
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 3.5 SP1
  • Microsoft .NET Framework 4.0
  • Microsoft SharePoint Server 2007 12.0.0.6318
  • Microsoft SharePoint Server 2007 12.0.0.6421
  • Microsoft SharePoint Server 2007 SP1
  • Microsoft SharePoint Server 2007 SP2
  • Microsoft SharePoint Server 2007
  • Microsoft SharePoint Server 2007 Enterprise Edition
  • Microsoft SharePoint Server 2007 Standard Edition
  • Microsoft SharePoint Server 2007 x64 SP1
  • Microsoft SharePoint Server 2007 x64 SP2
  • Microsoft SharePoint Server 2007 x64
  • Microsoft SharePoint Server 2010 Enterprise Edition
  • Microsoft SharePoint Server 2010 Standard Edition
  • Microsoft SharePoint Services 3.0 SP1
  • Microsoft SharePoint Services 3.0 SP2
  • Microsoft SharePoint Services 64-bit 2.0

References

  • BugTraq: 43316
  • CVE: CVE-2010-3332
  • URL: http://www.microsoft.com/technet/security/advisory/2416728.mspx

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out