Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB2418042
HistoryMay 11, 2012 - 10:22 p.m.

MS10-070: Vulnerability in ASP.NET could allow information disclosure

2012-05-1122:22:14
Microsoft
support.microsoft.com
36

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

JSON

<html><body><p>Resolves a vulnerability in ASP.NET that could allow information disclosure. An attacker that successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS10-070. To view the complete security bulletin, visit one of the following Microsoft websites:<br /><ul><li>Home users:<br /><div><a href=“http://www.microsoft.com/security/updates/bulletins/201009.aspx” target=“_self”>http://www.microsoft.com/security/updates/bulletins/201009.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href=“http://update.microsoft.com/microsoftupdate/” target=“_self”>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=“http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx” target=“_self”>http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx</a></div></li></ul><span><h3>How to obtain help and support for this security update</h3> <br />Help installing updates: <br /><a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></span></div><h2>More Information</h2><div>For more information about how to configure legacy encryption mode in ASP.NET, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2425938”>2425938 </a> How to configure legacy encryption mode in ASP.NET </div><h3>Known issues and additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. <br /><br /><a href=“https://support.microsoft.com/en-us/help/2416447”>2416447 </a> <br />MS10-070: Description of the security update for the Microsoft .NET Framework 1.1 Service Pack 1 on Windows XP, Windows Server 2003 (64-bit), Windows Vista, and Windows Server 2008<br /><br /><ul><li>For more information about installation issues with this security update or with the Microsoft .NET Framework 1.1 Service Pack 1, click the following article numbers to view the articles in the Microsoft Knowledge Base:<br /><br /><div><a href=“https://support.microsoft.com/en-us/help/2433751”>2433751 </a> FIX: Forms authentication cookies compatibility issue between .NET Framework 1.1 and .NET Framework 2.0 SP2 ASP.NET applications after you apply the security update from security bulletin MS10-070<br /><a href=“https://support.microsoft.com/en-us/help/2431208”>2431208 </a> An update for the Microsoft .NET Framework may fail to install when the Microsoft .NET Framework 4 is installed and a restart is pending<br /><a href=“https://support.microsoft.com/en-us/help/923100”>923100 </a> When you try to install an update for the .NET Framework 1.0, 1.1, 2.0, 3.0, or 3.5, you may receive Windows Update error code “0x643” or Windows Installer error code “1603” <br /><a href=“https://support.microsoft.com/en-us/help/938244”>938244 </a> The file version is rolled back to the version that was installed by the last service pack when you remove an update for the .NET Framework 1.0, the .NET Framework 1.1, Visual Studio .NET 2002 or Visual Studio .NET 2003<br /><a href=“https://support.microsoft.com/en-us/help/2197103”>2197103 </a> A known issue when you try to install an update on a computer that does not have the Microsoft .NET Framework 1.1 Service Pack 1 installed <br /><a href=“https://support.microsoft.com/en-us/help/923101”>923101 </a> Error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition: “Error 1324. The folder ‘Program Files’ contains an invalid character” <br /><a href=“https://support.microsoft.com/en-us/help/2260913”>2260913 </a> Files in use or File Locks can Result in Framework Assembly Files being Deleted<br /><a href=“https://support.microsoft.com/en-us/help/2263996”>2263996 </a> Patching of Microsoft Framework can fail with Access is denied or File in Use error <br /></div></li></ul><a href=“https://support.microsoft.com/en-us/help/2416473”>2416473 </a> <br />MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008<br /><ul><li>For more information about installation issues with this security update or with the Microsoft .NET Framework 3.5 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2431806”>2431806 </a> Updates for the .NET Framework 2.0 Service Pack 2, the .NET Framework 3.0 Service Pack 2, or the .NET Framework 3.5 Service Pack 1 may not correctly update files even when installation of the update succeeds <br /><a href=“https://support.microsoft.com/en-us/help/2431208”>2431208 </a> An update for the Microsoft .NET Framework may fail to install when the Microsoft .NET Framework 4 is installed and a restart is pending<br /><a href=“https://support.microsoft.com/en-us/help/923100”>923100 </a> When you try to install an update for the .NET Framework 1.0, 1.1, 2.0, 3.0, or 3.5, you may receive Windows Update error code “0x643” or Windows Installer error code “1603” <br /><a href=“https://support.microsoft.com/en-us/help/923101”>923101 </a> Error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition: “Error 1324. The folder ‘Program Files’ contains an invalid character”<br /><a href=“https://support.microsoft.com/en-us/help/2197146”>2197146 </a> Updates for the .NET Framework 3.5 Service Pack 1 and the .NET Framework 2.0 Service Pack 2 may cause the Microsoft Knowledge Base article number to appear instead of the full title of the update in the Add or Remove Programs item in Control Panel<br /><a href=“https://support.microsoft.com/en-us/help/2260913”>2260913 </a> Files in use or File Locks can Result in Framework Assembly Files being Deleted<br /><a href=“https://support.microsoft.com/en-us/help/2263996”>2263996 </a> Patching of Microsoft Framework can fail with Access is denied or File in Use error<br /><a href=“https://support.microsoft.com/en-us/help/2260913”>2260913 </a> Files in use or File Locks can Result in Framework Assembly Files being Deleted</div></li></ul><a href=“https://support.microsoft.com/en-us/help/2416474”>2416474 </a> <br />MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008<br /><ul><li>For more information about installation issues with this security update or with the Microsoft .NET Framework 2.0 Service Pack, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2263996”>2263996 </a> Patching of Microsoft Framework can fail with Access is denied or File in Use error</div></li></ul><a href=“https://support.microsoft.com/en-us/help/2416754”>2416754 </a> <br />MS10-070: Description of the security update for the Microsoft .NET Framework 3.5.1 in Windows 7 Service Pack 1 beta and in Windows Server 2008 R2 Service Pack 1 beta<br /><ul><li>For more information about installation issues with this security update or with the Microsoft .NET Framework 3.5.1, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2263996”>2263996 </a> Patching of Microsoft Framework can fail with Access is denied or File in Use error</div></li></ul><a href=“https://support.microsoft.com/en-us/help/2418240”>2418240 </a> <br />MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 on Windows Server 2008, on Windows Vista, on Windows XP, and on Windows Server 2003<br /><ul><li>For more information about installation issues with this security update or with the Microsoft .NET Framework 3.5, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/923100”>923100 </a> When you try to install an update for the .NET Framework 1.0, 1.1, 2.0, 3.0, or 3.5, you may receive Windows Update error code “0x643” or Windows Installer error code “1603”<br /><a href=“https://support.microsoft.com/en-us/help/923101”>923101 </a> Error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition: “Error 1324. The folder ‘Program Files’ contains an invalid character”<br /><a href=“https://support.microsoft.com/en-us/help/2197148”>2197148 </a> A known issue with the Microsoft .NET Framework 2.0 Service Pack 1 updates and the Microsoft .NET Framework 3.5 updates<br /><a href=“https://support.microsoft.com/en-us/help/2260913”>2260913 </a> Files in use or File Locks can Result in Framework Assembly Files being Deleted<br /><a href=“https://support.microsoft.com/en-us/help/2263996”>2263996 </a> Patching of Microsoft Framework can fail with Access is denied or File in Use error</div></li></ul><a href=“https://support.microsoft.com/en-us/help/2418241”>2418241 </a> <br />MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and on Windows XP<br /><ul><li>For more information about installation issues with this security update or with the Microsoft .NET Framework 2.0 Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2431806”>2431806 </a> Updates for the .NET Framework 2.0 Service Pack 2, the .NET Framework 3.0 Service Pack 2, or the .NET Framework 3.5 Service Pack 1 may not correctly update files even when installation of the update succeeds <br /><a href=“https://support.microsoft.com/en-us/help/2431208”>2431208 </a> An update for the Microsoft .NET Framework may fail to install when the Microsoft .NET Framework 4 is installed and a restart is pending<br /><a href=“https://support.microsoft.com/en-us/help/923100”>923100 </a> When you try to install an update for the .NET Framework 1.0, 1.1, 2.0, 3.0, or 3.5, you may receive Windows Update error code “0x643” or Windows Installer error code “1603” <br /><a href=“https://support.microsoft.com/en-us/help/923101”>923101 </a> Error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition: “Error 1324. The folder ‘Program Files’ contains an invalid character”<br /><a href=“https://support.microsoft.com/en-us/help/2197146”>2197146 </a> Updates for the .NET Framework 3.5 Service Pack 1 and the .NET Framework 2.0 Service Pack 2 may cause the Microsoft Knowledge Base article number to appear instead of the full title of the update in the Add or Remove Programs item in Control Panel<br /><a href=“https://support.microsoft.com/en-us/help/2260913”>2260913 </a> Files in use or File Locks can Result in Framework Assembly Files being Deleted<br /><a href=“https://support.microsoft.com/en-us/help/2263996”>2263996 </a> Patching of Microsoft Framework can fail with Access is denied or File in Use error</div></li></ul><a href=“https://support.microsoft.com/en-us/help/2416451”>2416451 </a> <br />MS10-070: Description of the security update for the Microsoft .NET Framework 1.1 Service Pack 1 on 32-bit editions of Windows Server 2003 Service Pack 2 and Windows Server 2003 R2 Service Pack 2<br /><br /><ul><li>For more information about installation issues with this security update or with the Microsoft .NET Framework 1.1 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2433751”>2433751 </a> FIX: Forms authentication cookies compatibility issue between .NET Framework 1.1 and .NET Framework 2.0 SP2 ASP.NET applications after you apply the security update from security bulletin MS10-070<br /><a href=“https://support.microsoft.com/en-us/help/2260913”>2260913 </a> Files in use or File Locks can Result in Framework Assembly Files being Deleted</div></li></ul><a href=“https://support.microsoft.com/en-us/help/2416468”>2416468 </a> <br />MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 on Windows Server 2003 and on Windows XP<br /><br /><ul><li>For more information about installation issues with this security update or with the Microsoft .NET Framework 3.5, click the following article numbers to view the articles in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2431208”>2431208 </a> An update for the Microsoft .NET Framework may fail to install when the Microsoft .NET Framework 4 is installed and a restart is pending<br /><a href=“https://support.microsoft.com/en-us/help/923100”>923100 </a> When you try to install an update for the .NET Framework 1.0, 1.1, 2.0, 3.0, or 3.5, you may receive Windows Update error code “0x643” or Windows Installer error code “1603” <br /><a href=“https://support.microsoft.com/en-us/help/923101”>923101 </a> Error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition: “Error 1324. The folder ‘Program Files’ contains an invalid character”<br /><a href=“https://support.microsoft.com/en-us/help/2197148”>2197148 </a> A known issue with the Microsoft .NET Framework 2.0 Service Pack 1 updates and the Microsoft .NET Framework 3.5 updates<br /><a href=“https://support.microsoft.com/en-us/help/2260913”>2260913 </a> Files in use or File Locks can Result in Framework Assembly Files being Deleted<br /><a href=“https://support.microsoft.com/en-us/help/2263996”>2263996 </a> Patching of Microsoft Framework can fail with Access is denied or File in Use error<br /></div></li></ul><a href=“https://support.microsoft.com/en-us/help/2416469”>2416469 </a> <br />MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 on Windows Vista Service Pack 1 and on Windows Server 2008<br /><ul><li>For more information about installation issues with this security update or with the Microsoft .NET Framework 2.0 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2263996”>2263996 </a> Patching of Microsoft Framework can fail with Access is denied or File in Use error</div></li></ul><a href=“https://support.microsoft.com/en-us/help/2416470”>2416470 </a> <br />MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 2 and on Windows Server 2008 Service Pack 2<br /><br /><ul><li>For more information about installation issues with this security update or with the Microsoft .NET Framework 2.0 Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2263996”>2263996 </a> Patching of Microsoft Framework can fail with Access is denied or File in Use error<br /><br /><br /><br /><a href=“https://support.microsoft.com/en-us/help/2436257”>2436257 </a> Updates for the .NET Framework 2.0 SP2 and .NET Framework 3.0 SP2 may chain install other updates<br /><br /><br /><br /></div></li></ul><a href=“https://support.microsoft.com/en-us/help/2416471”>2416471 </a> <br />MS10-070: Description of the security update for the Microsoft .NET Framework 3.5.1 in Windows 7 and in Windows Server 2008 R2<br /><ul><li>For more information about installation issues with this security update or with the Microsoft .NET Framework 3.5.1, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2263996”>2263996 </a> Patching of Microsoft Framework can fail with Access is denied or File in Use error</div></li></ul><a href=“https://support.microsoft.com/en-us/help/2416472”>2416472 </a> <br />MS10-070: Description of the security update for the Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2<br /><br /><ul><li>For more information about installation issues with this security update or with the Microsoft .NET Framework Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2431208”>2431208 </a> An update for the Microsoft .NET Framework may fail to install when the Microsoft .NET Framework 4 is installed and a restart is pending<br /><a href=“https://support.microsoft.com/en-us/help/2260913”>2260913 </a> Files in use or File Locks can Result in Framework Assembly Files being Deleted <br /><a href=“https://support.microsoft.com/en-us/help/2263996”>2263996 </a> Patching of Microsoft Framework can fail with Access is denied or File in Use error<br /><a href=“https://support.microsoft.com/en-us/help/2473228”>2473228 </a> Products or updates may not be installed correctly when Microsoft .NET Framework 4 or updates for Microsoft .NET Framework 4 are installed after the other product or update installs and a restart is pending<br /></div></li></ul>The following known issue affect all of the updates that are described in Security Bulletin MS10-070:<br /><div><a href=“https://support.microsoft.com/en-us/help/2431728”>2431728 </a> Encrypted content in ASP.NET is not decrypted for a website that is deployed in a web farm</div></div></body></html>

Related

nessus 6
seebug 1
prion 1
openvas 4
checkpoint_advisories 2
cve 1
gentoo 1
nessus
nessus
SuSE 10 Security Update : Mono (ZYPP Patch Number 8001)
2012-03-21 00:00:00
MS10-070: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) (uncredentialed check)
2010-10-08 00:00:00
CGI Generic Padding Oracle
2010-10-29 00:00:00
seebug
seebug
MS10-070 ASP.NET Padding Oracle File Download
2010-10-17 00:00:00
prion
prion
Buffer overflow
2010-09-22 19:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2012:0393-1)
2021-06-09 00:00:00
Microsoft ASP.NET Information Disclosure Vulnerability (2418042)
2010-09-29 00:00:00
Gentoo Security Advisory GLSA 201206-13 (mono mono-debugger)
2012-08-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Multiple HTTP Error Responses (CVE-2010-3332)
2010-09-19 00:00:00
Microsoft ASP.NET PKCS Padding Information Disclosure (MS10-070; CVE-2010-3332)
2012-12-23 00:00:00
cve
cve
CVE-2010-3332
2010-09-22 19:00:00
gentoo
gentoo
Mono: Multiple vulnerabilities
2012-06-21 00:00:00

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

JSON
Related for KB2418042
nessus6seebug1prion1openvas4checkpoint_advisories2cve1gentoo1