• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3771
  • Last Modified:

Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability

Hi Folks,
I have a client with a potential vulnerability discovered from a recent network scan and I cannot find a way to mitigate it for them. They are running a website on a Windows 2003 sp2 Server, fully up to date including .net framework 4. I still get this vulnerability though. Does anyone have a simplistic solution for it as we are not developers?

Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability

port 443/tcp

 QID:90780Category:WindowsCVE ID:CVE-2008-3842 CVE-2008-3843 Vendor Reference-Bugtraq ID:-Service Modified:10/01/2012User Modified:-Edited:NoPCI Vuln:YesTHREAT:ASP.NET is a Web application framework developed by Microsoft. validateRequest filters, is a feature of ASP.NET which prevents the server from accepting content containing un-encoded HTML. This feature is designed to help prevent some script-injection attacks whereby client script code or HTML can be unknowingly submitted to a server, stored, and then presented to other users.
 Microsoft ASP.NET validateRequest filters could allow a remote attacker to bypass it's filters and conduct cross-site scripting attacks using a less-than slash (</) and less-than tilde slash (<~/) sequence. These vulnerabilities are described in CVE-2008-3842 and CVE-2008-3843.
This QID does not actively check for the XSS in the web application but relies on the ASP.NET banner version. For confirming the vulnerability please run a web application scan.
 Affected Versions:
 Microsoft ASP.NET CLR version 1.1.4322.2407 and 2.0.50727 which is used in ASP.NET version 1.0 through 3.5 is affected.

For a detailed description of CLR versions and ASP.NET version please refer to .NET framework

IMPACT:Attackers can potentially launch XSS attacks against vulnerable applications that solely rely on ASP .NET ValidateRequest filters. This type of attack can result in defacement of the target site, or the redirection of confidential information (i.e.: session IDs or passwords) to unauthorised third parties.

SOLUTION:The issue described in CVE-2008-3842 is fixed by the MS07-040 update. There are no patches available for CVE-2008-3843. The vulnerability can be mitigated by not relying on the ValidateRequest filters delivered with ASP.NET, using custom input filters and secure coding practices.
 Please update to the latest .Net framework .NET framework

COMPLIANCE:Not ApplicableEXPLOITABILITY:There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:There is no malware information for this vulnerability.

RESULTS:QID: 90780 detected on port 443 over TCP.
X-AspNet-Version: 2.0.50727
1 Solution
Alexandre SimõesManager / Technology SpecialistCommented:
Well, apparently what you have is a flag set on you website, either in the master page or in a specific page that forces the bypass for XSS.

Search for this: ValidateRequest="false"

The problem is that the website might actually need this to work in some parts.
mrosierAuthor Commented:
thanks so much! I will see with the application vendor if that can be altered or something to eliminate. Thanks!!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now