Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:INFO-LEAK:MS-PKCS-INFODISC

Severity

 Medium

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft ASP.NET PKCS Padding Information Disclosure

Release Date

 2013/10/24

Update Number

 2313

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft ASP.NET PKCS Padding Information Disclosure


This signature detects attempts to exploit a known vulnerability in the Microsoft .NET Framework ASP.NET. A successful attack can lead to unauthorized information disclosure.

Extended Description

Microsoft .NET Framework is prone to an information-disclosure vulnerability in ASP.NET that affects SharePoint. Successful exploits will allow attackers to decrypt and gain access to potentially sensitive data encrypted by the server or read data from arbitrary files within an ASP.NET application. Obtained information may aid in further attacks. This issue affects Microsoft .NET Framework versions 4.0 and prior.

Affected Products

  • Avaya Aura Conferencing 6.0
  • Avaya Aura Conferencing 6.0 Standard
  • Avaya CallPilot Unified Messaging
  • Avaya Communication Server 1000 Telephony Manager
  • Avaya Meeting Exchange - Client Registration Server
  • Avaya Meeting Exchange - Recording Server
  • Avaya Meeting Exchange - Streaming Server
  • Avaya Meeting Exchange - Web Conferencing Server
  • Avaya Meeting Exchange - Webportal
  • Avaya Messaging Application Server 4
  • Avaya Messaging Application Server 5
  • Avaya Messaging Application Server MM 1.1
  • Avaya Messaging Application Server MM 2.0
  • Avaya Messaging Application Server MM 3.0
  • Avaya Messaging Application Server MM 3.1
  • Avaya Messaging Application Server
  • Gentoo Linux
  • Microsoft .NET Framework 1.0
  • Microsoft .NET Framework 1.0 SP1
  • Microsoft .NET Framework 1.0 SP2
  • Microsoft .NET Framework 1.0 SP3
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 1.1 SP1
  • Microsoft .NET Framework 1.1 SP2
  • Microsoft .NET Framework 1.1 SP3
  • Microsoft .NET Framework 2.0
  • Microsoft .NET Framework 2.0 SP1
  • Microsoft .NET Framework 2.0 SP2
  • Microsoft .NET Framework 3.0
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 3.5 SP1
  • Microsoft .NET Framework 4.0
  • Microsoft SharePoint Server 2007 12.0.0.6318
  • Microsoft SharePoint Server 2007 12.0.0.6421
  • Microsoft SharePoint Server 2007 SP1
  • Microsoft SharePoint Server 2007 SP2
  • Microsoft SharePoint Server 2007
  • Microsoft SharePoint Server 2007 Enterprise Edition
  • Microsoft SharePoint Server 2007 Standard Edition
  • Microsoft SharePoint Server 2007 x64 SP1
  • Microsoft SharePoint Server 2007 x64 SP2
  • Microsoft SharePoint Server 2007 x64
  • Microsoft SharePoint Server 2010 Enterprise Edition
  • Microsoft SharePoint Server 2010 Standard Edition
  • Microsoft SharePoint Services 3.0 SP1
  • Microsoft SharePoint Services 3.0 SP2
  • Microsoft SharePoint Services 64-bit 2.0

References

  • BugTraq: 43316
  • CVE: CVE-2010-3332

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out