Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2008-3843
Last Modified: 15 Aug 2009 01:13:45
Published: 27 Aug 2008 04:41:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-3843

Summary

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.

Vulnerable Systems

Application

  • Microsoft .NET Framework 1.0
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 2.0


References

XF - asp-validaterequestfilter-xss(44743)

BUGTRAQ - 20080908 Re: [WEB SECURITY] PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks

BUGTRAQ - 20080821 PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks

MISC - http://www.procheckup.com/Vulnerability_PR08-20.php

MISC - http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf

SREASON - 4193


Last Updated: 27 May 2016 10:48:19