It seems like ASP.NET is not the only platform vulnerable to Padding Oracle attack. Platforms like JSF and Ruby on Rails are also vulnerable, but Juliano Rizzo is convinced that there are more platforms, applications and sites vulnerable to the same attack.
So why all the fuss about ASP.NET?
InfoQ: Why there has been so much commotion around ASP.NET lately and there is nothing related to JSF, Ruby on Rails, if they are vulnerable too?
JR: ASP.NET is more popular than JSF and Ruby on Rails, because approximately 25% of the internet sites use ASP.NET.