Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3842


Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3842
Last Modified 29 Jan 2009 01:54:34
Published 27 Aug 2008 04:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "

Vulnerable Systems


  • Microsoft .net Framework 1.0

  • Microsoft .net Framework 1.1

  • Microsoft .net Framework 2.0


XF - asp-validaterequest-xss(44741)

BUGTRAQ - 20080821 PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks


SREASON - 4193

Last Updated: 27 May 2016 10:48:19