Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3843


Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3843
Last Modified 15 Aug 2009 01:13:45
Published 27 Aug 2008 04:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.

Vulnerable Systems


  • Microsoft .net Framework 1.0

  • Microsoft .net Framework 1.1

  • Microsoft .net Framework 2.0


XF - asp-validaterequestfilter-xss(44743)

BUGTRAQ - 20080908 Re: [WEB SECURITY] PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks

BUGTRAQ - 20080821 PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks



SREASON - 4193

Last Updated: 27 May 2016 10:48:19