ID de Prueba:	1.3.6.1.4.1.25623.1.0.901161
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft ASP.NET Information Disclosure Vulnerability (2418042)
Resumen:	Determine Microsoft ASP.NET Information Disclosure Vulnerability
Descripción:	Overview: This host is missing a critical security update according to Microsoft Bulletin MS10-070. Vulnerability Insight: The flaw is due to an error within ASP.NET in the handling of cryptographic padding when using encryption in CBC mode. This can be exploited to decrypt data via returned error codes from an affected server. Impact: Successful exploitation could allow remote attackers to decrypt and gain access to potentially sensitive data encrypted by the server or read data from arbitrary files within an ASP.NET application. Obtained information may aid in further attacks. Impact Level: System/Application Affected Software/OS: Microsoft ASP.NET 1.0 Microsoft ASP.NET 4.0 Microsoft ASP.NET 3.5.1 Microsoft ASP.NET 1.1 SP1 and prior Microsoft ASP.NET 2.0 SP2 and prior Microsoft ASP.NET 3.5 SP1 and prior Fix: Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx References: http://www.vupen.com/english/advisories/2010/2429 http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
Referencia Cruzada:	BugTraq ID: 43316 Common Vulnerability Exposure (CVE) ID: CVE-2010-3332 http://isc.sans.edu/diary.html?storyid=9568 http://pentonizer.com/general-programming/aspnet-poet-vulnerability-what-else-can-i-do/ http://threatpost.com/en_us/blogs/new-crypto-attack-affects-millions-aspnet-apps-091310 http://twitter.com/thaidn/statuses/24832350146 http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryId/2799/Oracle-Padding-Vulnerability-in-ASP-NET.aspx http://www.ekoparty.org/juliano-rizzo-2010.php http://www.theinquirer.net/inquirer/news/1732956/security-researchers-destroy-microsoft-aspnet-security http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html Microsoft Security Bulletin: MS10-070 http://www.microsoft.com/technet/security/Bulletin/MS10-070.mspx http://www.securityfocus.com/bid/43316 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12365 http://securitytracker.com/id?1024459 http://secunia.com/advisories/41409 http://www.vupen.com/english/advisories/2010/2429 http://www.vupen.com/english/advisories/2010/2751 XForce ISS Database: ms-aspdotnet-padding-info-disclosure(61898) http://xforce.iss.net/xforce/xfdb/61898
Copyright	Copyright (C) 2010 SecPod

Esta es sólo una de 32582 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario Email: Usuario: Contraseña: Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas. Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.     Privacidad

Ingreso de Usuario Registrado   Usuario:     Contraseña:     ¿Olvidó su usuario o contraseña?? Email/ID de Usario: