Information disclosure in Microsoft Internet_information_services
CVE-2010-3332
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers…
EPSS: 0.836 (99.3th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Internet_information_services
- Microsoft .Net_framework — versions 4.0, 2.0, 3.5.1
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secure@microsoft.com (x_refsource_MISC, Broken Link)
- oval:org.mitre.oval:def:12365 (x_refsource_OVAL, signature, Third Party Advisory, vdb-entry)
- ADV-2010-2751 (Third Party Advisory, vdb-entry, x_refsource_VUPEN)
- secure@microsoft.com (Third Party Advisory, x_refsource_MISC)
- secure@microsoft.com (x_refsource_CONFIRM, Third Party Advisory, Mitigation)
- secure@microsoft.com (Exploit, Third Party Advisory, x_refsource_MISC)
- 41409 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 43316 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- secure@microsoft.com (x_refsource_CONFIRM, Exploit, Third Party Advisory)
- secure@microsoft.com (x_refsource_CONFIRM, Broken Link)
Frequently asked questions
- What is CVE-2010-3332?
- CVE-2010-3332 is a vulnerability in Microsoft Internet_information_services, classified under Generation of Error Message Containing Sensitive Information. Published 2010-09-22.
- Is CVE-2010-3332 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.