Solved

ValidateRequest filters asp.net pegged as vulnerable by Qualys scan

Posted on 2012-04-02
2
1,756 Views
Last Modified: 2012-06-27
We have an internal Qualys scanner that is pegging an ASP.NET ValidateRequest filters Bypass Cross-Site scripting vulnerability on an Exchange 2003 SP2 OWA box running Windows Server 2003 SP2.  The Qualys report indicates no patch is available for this specific issue, but I was wondering if I needed to update the ASP.NET on the system. ASP.NET is at version 1.1.4322, but I was unsure if it was upgradeable on Windows server 2003 since we have .NET 3.5 SP1 installed.

Anyone have any idea on this particular issue OR on upgrading ASP.NET please feel free to comment. Thanks.
0
2 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 37800354
sounds like the same problem as described in http://www.experts-exchange.com/Q_27656217.html
except that you use .net 1.x; not sure if a fix will be available for that
if there is no fix, you either need to fix the application, or install a WAF (modsecurity on apache may help)
0
 
LVL 10

Expert Comment

by:pand0ra_usa
ID: 37802914
Have you applied KB931832 and KB950159?

If you are not already using URLScan from Microsoft (ISAPI filter) you should look at installing it.

Here is a paper discussing that type of attack (so you have a better understanding of it and some examples you can use to validate if you are vulnerable - don't blindly trust Qualys or any scanner. Verify the results):
http://www.procheckup.com/vulnerability_manager/documents/document_1258758664/bypassing-dot-NET-ValidateRequest.pdf

http://technet.microsoft.com/en-us/security/bulletin/ms07-040
0
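To illustrate what "fix the application" means for the ValidateRequest finding discussed above, here is an added example (not code from the question or either answer) of a page that echoes a query parameter unencoded next to the same page with context-specific output encoding. It assumes a hypothetical `search` parameter and uses only `HttpUtility` methods available in ASP.NET 1.1; ValidateRequest stays enabled as defence in depth, but the encoding is what closes the hole.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Vulnerable form: the "search" parameter is written into the response as-is.
// ValidateRequest only rejects input matching its built-in patterns, so any
// input it does not recognise reaches these Response.Write calls unchanged.
public class SearchPageVulnerable : Page
{
    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);
        string term = Request.QueryString["search"];   // hypothetical parameter
        Response.Write("<p>Results for: " + term + "</p>");
        Response.Write("<input type=\"text\" value=\"" + term + "\">");
    }
}

// Hardened form: encode for the context the value lands in. Element text gets
// HtmlEncode; an attribute value gets HtmlAttributeEncode. Keep
// <pages validateRequest="true"/> in web.config as a second layer, not the fix.
public class SearchPageHardened : Page
{
    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);
        string term = Request.QueryString["search"];   // hypothetical parameter
        if (term == null)
        {
            term = string.Empty;
        }

        // Text node context: '<', '>', '&' and quotes become entities.
        Response.Write("<p>Results for: " + HttpUtility.HtmlEncode(term) + "</p>");

        // Attribute context: quotes and '&' are encoded so the value cannot
        // break out of the surrounding double-quoted attribute.
        Response.Write("<input type=\"text\" value=\""
                       + HttpUtility.HtmlAttributeEncode(term) + "\">");
    }
}
```

The same rule applies to every place the application reflects request data, including OWA customisations, which is why a WAF or URLScan in front of the server reduces exposure but does not replace encoding in the code.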
