Solved

ValidateRequest filters asp.net pegged as vulnerable by Qualys scan

Posted on 2012-04-02
1,770 Views
Last Modified: 2012-06-27
We have an internal Qualys scanner that is pegging an ASP.NET ValidateRequest filters Bypass Cross-Site Scripting vulnerability on an Exchange 2003 SP2 OWA box running Windows Server 2003 SP2. The Qualys report indicates no patch is available for this specific issue, but I was wondering if I needed to update the ASP.NET on the system. ASP.NET is at version 1.1.4322, but I was unsure if it was upgradeable on Windows Server 2003 since we have .NET 3.5 SP1 installed.

Anyone have any idea on this particular issue OR on upgrading ASP.NET please feel free to comment. Thanks.
Question by:dumamo
2 Comments
LVL 51

Accepted Solution

by:
ahoffmann earned 2000 total points
ID: 37800354
sounds like the same problem as described in http://www.experts-exchange.com/Q_27656217.html
except that you use .NET 1.x; not sure if a fix will be available for that
if there is no fix, you either need to fix the application, or install a WAF (modsecurity on Apache may help)
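On the "fix the application" option above: ValidateRequest is a request-side blacklist, so the application-level fix is to encode untrusted data for the context it is written into. The following is an added example, not code from this thread or from Exchange/OWA, written as an ASP.NET 1.1 Web Forms code-behind; the page name, the `name` query parameter and the `Output` Literal control are assumptions. For a vendor product like OWA, where the code cannot be changed, the filter/WAF route suggested in the thread is the alternative.

```csharp
// Added example (not from the thread): keep ValidateRequest="true" on the page
// as defence in depth, but encode each untrusted value for its output context.
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public class GreetingPage : Page
{
    // Assumed markup: <%@ Page ValidateRequest="true" %> with a Literal named Output.
    protected Literal Output;

    protected void Page_Load(object sender, EventArgs e)
    {
        string name = Request.QueryString["name"];
        if (name == null)
        {
            name = "";
        }

        // Vulnerable pattern: relies on ValidateRequest alone and writes the raw
        // query-string value straight into the page.
        // Output.Text = "<b>Hello " + name + "</b>";

        // Hardened pattern: encode for each context the value lands in.
        Output.Text = RenderGreeting(name);
    }

    // Builds the fragment using the encoder that matches each output context.
    public static string RenderGreeting(string name)
    {
        string body = HttpUtility.HtmlEncode(name);          // text between tags
        string attr = HttpUtility.HtmlAttributeEncode(name); // inside a double-quoted attribute
        string url  = HttpUtility.UrlEncode(name);           // inside a query-string value

        return "<b>Hello " + body + "</b> "
             + "<a title=\"" + attr + "\" href=\"profile.aspx?name=" + url + "\">profile</a>";
    }
}
```

The attribute encoder is only safe because the attribute is double-quoted; unquoted attributes and script blocks need different handling and are best avoided when rendering user input.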
LVL 10

Expert Comment

by:pand0ra_usa
ID: 37802914
Have you applied KB931832 and KB950159?

If you are not already using URLScan from Microsoft (ISAPI filter) you should look at installing it.

Here is a paper discussing that type of attack (so you have a better understanding of it and some examples you can use to validate if you are vulnerable - don't blindly trust Qualys or any scanner. Verify the results):
http://www.procheckup.com/vulnerability_manager/documents/document_1258758664/bypassing-dot-NET-ValidateRequest.pdf

http://technet.microsoft.com/en-us/security/bulletin/ms07-040
