CVE-2010-3332

EPSS 83.60% · P99 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2010-3332

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft .NET Framework ASP.NET Padding Oracle攻击信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft .NET Framework是美国微软（Microsoft）公司开发的一种全面且一致的编程模型，也是一个用于构建Windows、Windows Store、Windows Phone、Windows Server和Microsoft Azure的应用程序的开发平台。该平台包括C#和Visual Basic编程语言、公共语言运行库和广泛的类库。使用.NET Framework所编译的ASP.Net应用中没有正确地实现加密，攻击者可以解密并篡改敏感数据。如果要理解这个漏洞，首先要了解加

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2010-3332

#	POC Description	Source Link	Shenlong Link
1	CVE-2010-3332 Oracle Padding Vulnerability in Microsoft ASP.NET	https://github.com/bongbongco/MS10-070	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2010-3332

请登录查看更多情报信息。

http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.htmlx_refsource_MISC
http://threatpost.com/en_us/blogs/new-crypto-attack-affects-millions-aspnet-apps-091310x_refsource_MISC
http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspxx_refsource_CONFIRM
http://pentonizer.com/general-programming/aspnet-poet-vulnerability-what-else-can-i-do/x_refsource_MISC
http://www.microsoft.com/technet/security/advisory/2416728.mspxx_refsource_CONFIRM
http://www.theinquirer.net/inquirer/news/1732956/security-researchers-destroy-microsoft-aspnet-securityx_refsource_MISC
http://twitter.com/thaidn/statuses/24832350146x_refsource_MISC
http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspxx_refsource_CONFIRM
http://www.ekoparty.org/juliano-rizzo-2010.phpx_refsource_MISC
http://www.mono-project.com/Vulnerabilities#ASP.NET_Padding_Oraclex_refsource_CONFIRM
http://isc.sans.edu/diary.html?storyid=9568x_refsource_MISC
http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryId/2799/Oracle-Padding-Vulnerability-in-ASP-NET.aspxx_refsource_MISC
http://secunia.com/advisories/41409third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/43316vdb-entryx_refsource_BID
http://securitytracker.com/id?1024459vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-070vendor-advisoryx_refsource_MS
http://www.vupen.com/english/advisories/2010/2429vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/2751vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12365vdb-entrysignaturex_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/61898vdb-entryx_refsource_XF
https://nvd.nist.gov/vuln/detail/CVE-2010-3332

Same Patch Batch · n/a · 2010-09-22 · 16 CVEs total

CVE-2009-5003		e-soft24 Banner Exchange Script 'click.php' SQL注入漏洞
CVE-2010-3479		BoutikOne 'list.php' SQL注入漏洞
CVE-2010-3480		Apphp PHP MicroCMS本地文件包含漏洞
CVE-2010-3481		Apphp PHP MicroCMS 多个SQL注入漏洞
CVE-2010-3482		Bouzouste Primitive CMS 'cms_write.php'多个SQL注入漏洞
CVE-2010-3483		Bouzouste Primitive CMS 'cms_write.php'权限许可和访问控制漏洞
CVE-2010-3484		LightNEasy 'LightNEasy.php'SQL注入漏洞
CVE-2010-3485		LightNEasy 'common.php'SQL注入漏洞
CVE-2010-3486		Smartertools SmarterMail目录遍历漏洞
CVE-2010-3487		YelloSoft Pinky目录遍历漏洞
CVE-2010-3488		Houbysoft QuickShare目录遍历漏洞
CVE-2010-3489		Digitalworkroom Netautor Professional 'login2.php'跨站脚本攻击漏洞
CVE-2010-3301		Linux kernel 设计错误漏洞
CVE-2010-3313		Egroupware代码注入漏洞
CVE-2010-3314		EGroupware跨站脚本攻击漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2010-3332

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2010-3332

I. Basic Information for CVE-2010-3332

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2010-3332

III. Intelligence Information for CVE-2010-3332

Same Patch Batch · n/a · 2010-09-22 · 16 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2010-3332

Leave a comment