CVE-2008-3843

Severity Score

6.1

*CVSS v3

Exploit Likelihood

20.3%

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.

Request Validation (tambien conocida como filtros ValidateRequest) en ASP.NET de Microsoft .NET Framework con la actualización MS07-040, no detecta de forma adecuada las entradas peligrosas de clientes, lo que permite a atacantes, conducir ataques de secuencias de comandos en sitios cruzados (XSS) como se demostró mediante una petición que contenía la cadena "<~/" (menor que, tilde y barra) seguida de un elemento STYLE manipulado.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-08-27 CVE Reserved
2008-08-27 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (6)

URL	Tag	Source
http://securityreason.com/securityalert/4193	Third Party Advisory
http://www.procheckup.com/PDFs/bypassing-dot-NET-Valida...	X_refsource_misc
http://www.procheckup.com/Vulnerability_PR08-20.php	X_refsource_misc
http://www.securityfocus.com/archive/1/495667/100/0/thr...	Mailing List
http://www.securityfocus.com/archive/1/496071/100/0/thr...	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/44743	Vdb Entry

1 - 6 of 6

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions (47)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	gold, server_x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp1, server	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp1, server_itanium	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp2, server	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp2, server_itanium	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp2, server_x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2008 Search vendor "Microsoft" for product "Windows-nt" and version "2008"	-	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	xp Search vendor "Microsoft" for product "Windows-nt" and version "xp"	gold, media_center_2005	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	xp Search vendor "Microsoft" for product "Windows-nt" and version "xp"	gold, tablet_pc_2005	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	xp Search vendor "Microsoft" for product "Windows-nt" and version "xp"	gold, x64	Safe

1 - 10 of 47