We have an internal Qualys scanner that is pegging an ASP.NET ValidateRequest filters Bypass Cross-Site scripting vulnerability on an Exchange 2003 SP2 OWA box running Windows Server 2003 SP2. The Qualys report indicates no patch is available for this specific issue, but I was wondering if I needed to update the ASP.NET on the system. ASP.NET is at version 1.1.4322, but I was unsure if it was upgradeable on Windows server 2003 since we have .NET 3.5 SP1 installed.
Anyone have any idea on this particular issue OR on upgrading ASP.NET please feel free to comment. Thanks.