Vulnerability Manager Plus

Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP(KB2416468) x86 based systems for SP1

Risk Information

Base Score

9.1

MODERATE

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

Exploitation Probability

85.692%

CVE Information

Source CVE
CVE-2010-3332

Associated CVE
CVE-2010-3332

Patch Details

Patch associated with this vulnerability is supported by ManageEngine.

Patch ID
9196

Patch Description
Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP(KB2416468)

References

http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
http://isc.sans.edu/diary.html?storyid=9568
http://secunia.com/advisories/41409
http://securitytracker.com/id?1024459
http://threatpost.com/en_us/blogs/new-crypto-attack-affects-millions-aspnet-apps-091310
http://twitter.com/thaidn/statuses/24832350146
http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryId/2799/Oracle-Padding-Vulnerability-in-ASP-NET.aspx
http://www.microsoft.com/technet/security/advisory/2416728.mspx
http://www.microsoft.com/technet/security/Bulletin/MS10-070.mspx
http://www.mono-project.com/Vulnerabilities#ASP.NET_Padding_Oracle
http://www.securityfocus.com/bid/43316
http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html
http://www.vupen.com/english/advisories/2010/2429
http://www.vupen.com/english/advisories/2010/2751
https://exchange.xforce.ibmcloud.com/vulnerabilities/61898