CVE-2008-3843
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.
Request Validation (tambien conocida como filtros ValidateRequest) en ASP.NET de Microsoft .NET Framework con la actualización MS07-040, no detecta de forma adecuada las entradas peligrosas de clientes, lo que permite a atacantes, conducir ataques de secuencias de comandos en sitios cruzados (XSS) como se demostró mediante una petición que contenía la cadena "<~/" (menor que, tilde y barra) seguida de un elemento STYLE manipulado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-08-27 CVE Reserved
- 2008-08-27 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://securityreason.com/securityalert/4193 | Third Party Advisory | |
http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf | X_refsource_misc | |
http://www.procheckup.com/Vulnerability_PR08-20.php | X_refsource_misc | |
http://www.securityfocus.com/archive/1/495667/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/496071/100/0/threaded | Mailing List | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/44743 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | gold, server_x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp1, server |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp1, server_itanium |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp2, server |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp2, server_itanium |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp2, server_x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2008 Search vendor "Microsoft" for product "Windows-nt" and version "2008" | - |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | xp Search vendor "Microsoft" for product "Windows-nt" and version "xp" | gold, media_center_2005 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | xp Search vendor "Microsoft" for product "Windows-nt" and version "xp" | gold, tablet_pc_2005 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | xp Search vendor "Microsoft" for product "Windows-nt" and version "xp" | gold, x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | xp Search vendor "Microsoft" for product "Windows-nt" and version "xp" | sp3 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | - | sp1 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | gold, server_x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp1, server |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp1, server_itanium |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp2, server |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp2, server_itanium |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp2, server_x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2008 Search vendor "Microsoft" for product "Windows-nt" and version "2008" | - |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2008 Search vendor "Microsoft" for product "Windows-nt" and version "2008" | itanium |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2008 Search vendor "Microsoft" for product "Windows-nt" and version "2008" | x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | vista Search vendor "Microsoft" for product "Windows-nt" and version "vista" | sp1, x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | xp Search vendor "Microsoft" for product "Windows-nt" and version "xp" | gold, x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | xp Search vendor "Microsoft" for product "Windows-nt" and version "xp" | sp3 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | gold, x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | - | sp1 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | gold, server_x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp1, server |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp1, server_itanium |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp2, server |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp2, server_itanium |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | 2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003" | sp2, server_x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | xp Search vendor "Microsoft" for product "Windows-nt" and version "xp" | gold, x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | xp Search vendor "Microsoft" for product "Windows-nt" and version "xp" | sp3 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | gold, x64 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2 |
Safe
|
Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, x64 |
Safe
|