CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
99.8%
This host is missing a critical security update according to
Microsoft Bulletin MS10-070.
# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.901161");
script_version("2024-06-13T05:05:46+0000");
script_tag(name:"last_modification", value:"2024-06-13 05:05:46 +0000 (Thu, 13 Jun 2024)");
script_tag(name:"creation_date", value:"2010-09-29 13:56:35 +0200 (Wed, 29 Sep 2010)");
script_cve_id("CVE-2010-3332");
script_tag(name:"cvss_base", value:"6.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_name("Microsoft ASP.NET Information Disclosure Vulnerability (2418042)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2010 Greenbone AG");
script_family("Windows : Microsoft Bulletins");
script_dependencies("find_service.nasl", "httpver.nasl", "webmirror.nasl",
"DDI_Directory_Scanner.nasl", "global_settings.nasl",
"gb_microsoft_iis_http_detect.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2010/2429");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/43316");
script_xref(name:"URL", value:"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-070");
script_xref(name:"URL", value:"http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html");
script_xref(name:"URL", value:"http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx");
script_tag(name:"impact", value:"Successful exploitation could allow remote attackers to decrypt and gain
access to potentially sensitive data encrypted by the server or read data from arbitrary
files within an ASP.NET application. Obtained information may aid in further attacks.");
script_tag(name:"affected", value:"- Microsoft ASP.NET 1.0
- Microsoft ASP.NET 4.0
- Microsoft ASP.NET 3.5.1
- Microsoft ASP.NET 1.1 SP1 and prior
- Microsoft ASP.NET 2.0 SP2 and prior
- Microsoft ASP.NET 3.5 SP1 and prior");
script_tag(name:"insight", value:"The flaw is due to an error within ASP.NET in the handling of
cryptographic padding when using encryption in CBC mode. This can be
exploited to decrypt data via returned error codes from an affected server.");
script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");
script_tag(name:"summary", value:"This host is missing a critical security update according to
Microsoft Bulletin MS10-070.");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
port = http_get_port(default:80);
if( ! http_can_host_asp( port:port ) )
exit( 0 );
res = http_get_cache(item:"/default.aspx", port:port);
if(res && "X-Powered-By: ASP.NET" >< res &&
!(ereg(pattern:"^HTTP/[0-9]\.[0-9] 500 Internal Server Error", string:res)))
{
## 500 Internal Server Error, else it will create false positive
req1 = http_get(item:string("/WebResource.axd"), port:port);
res1 = http_keepalive_send_recv(port:port, data:req1);
if(res1 && !(ereg(pattern:"^HTTP/[0-9]\.[0-9] 500 Internal Server Error", string:res1)))
{
req = http_get(item:string("/WebResource.axd?d="+rand()+"&t="+rand()), port:port);
res = http_keepalive_send_recv(port:port, data:req);
if(res && ereg(pattern:"^HTTP/[0-9]\.[0-9] 500 .*", string:res)){
security_message(port);
}
}
}
weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
www.securityfocus.com/bid/43316
www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html
www.vupen.com/english/advisories/2010/2429
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-070