CVE-2008-3843

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.

Request Validation (tambien conocida como filtros ValidateRequest) en ASP.NET de Microsoft .NET Framework con la actualización MS07-040, no detecta de forma adecuada las entradas peligrosas de clientes, lo que permite a atacantes, conducir ataques de secuencias de comandos en sitios cruzados (XSS) como se demostró mediante una petición que contenía la cadena "<~/" (menor que, tilde y barra) seguida de un elemento STYLE manipulado.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-08-27 CVE Reserved
2008-08-27 CVE Published
2024-08-07 CVE Updated
2024-11-16 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (6)

URL	Tag	Source
http://securityreason.com/securityalert/4193	Third Party Advisory
http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf	X_refsource_misc
http://www.procheckup.com/Vulnerability_PR08-20.php	X_refsource_misc
http://www.securityfocus.com/archive/1/495667/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/496071/100/0/threaded	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/44743	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	gold, server_x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp1, server	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp1, server_itanium	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp2, server	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp2, server_itanium	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp2, server_x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2008 Search vendor "Microsoft" for product "Windows-nt" and version "2008"	-	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	xp Search vendor "Microsoft" for product "Windows-nt" and version "xp"	gold, media_center_2005	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	xp Search vendor "Microsoft" for product "Windows-nt" and version "xp"	gold, tablet_pc_2005	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	xp Search vendor "Microsoft" for product "Windows-nt" and version "xp"	gold, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	xp Search vendor "Microsoft" for product "Windows-nt" and version "xp"	sp3	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	sp4	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	-	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	-	sp1	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp2	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0"	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp2, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	gold, server_x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp1, server	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp1, server_itanium	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp2, server	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp2, server_itanium	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp2, server_x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2008 Search vendor "Microsoft" for product "Windows-nt" and version "2008"	-	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2008 Search vendor "Microsoft" for product "Windows-nt" and version "2008"	itanium	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2008 Search vendor "Microsoft" for product "Windows-nt" and version "2008"	x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	vista Search vendor "Microsoft" for product "Windows-nt" and version "vista"	sp1, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	xp Search vendor "Microsoft" for product "Windows-nt" and version "xp"	gold, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	xp Search vendor "Microsoft" for product "Windows-nt" and version "xp"	sp3	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	sp4	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	-	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	gold, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	-	sp1	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp2	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp2, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	gold, server_x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp1, server	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp1, server_itanium	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp2, server	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp2, server_itanium	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	2003 Search vendor "Microsoft" for product "Windows-nt" and version "2003"	sp2, server_x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	xp Search vendor "Microsoft" for product "Windows-nt" and version "xp"	gold, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows-nt Search vendor "Microsoft" for product "Windows-nt"	xp Search vendor "Microsoft" for product "Windows-nt" and version "xp"	sp3	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	sp4	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	-	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	gold, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp2	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp2, x64	Safe