You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2010-3332
About this tag
CVE-2010-3332, also known as the ASP.NET Padding Oracle Vulnerability, was a security issue in Microsoft's ASP.NET framework that could allow information disclosure. Microsoft released Security Advisory 2416728 and later security bulletin MS10-070 to address this vulnerability. The advisory provided details about the issue and offered workarounds, such as enabling UrlScan or Request Filtering rules and configuring custom error pages. The security update was made available for download to fully resolve the vulnerability. This tag covers discussions and updates related to CVE-2010-3332, including the advisory revisions and the eventual patch release.
Revision Note: V2.0 (September 28, 2010): Advisory updated to reflect publication of security bulletin
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-070 to address this issue. For more information about this issue...
2010
advisory
asp.net
bulletin
complaints
cve-2010-3332
extended security updates
information
information disclosure
investigation
issues
microsoft
ms10-070
oracle
padding
public reports
revision note
security
update
vulnerability
Revision Note: V2.0 (September 28, 2010): Advisory updated to reflect publication of security bulletin
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-070 to address this issue. For more information about this issue...
Revision Note: V2.0 (September 28, 2010): Advisory updated to reflect publication of security bulletinSummary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-070 to address this issue. For more information about this issue, including...
Revision Note: V2.0 (September 28, 2010): Advisory updated to reflect publication of security bulletin Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-070 to address this issue. For more information about this issue...
Revision Note: V1.2 (September 24, 2010): Added an entry to the FAQ to announce a revision to the workaround, "Enable a UrlScan or Request Filtering rule, enable ASP.NET custom errors, and map all error codes to the same error page." Customers who have already applied the workaround should...