Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2008-3842
HistoryAug 27, 2008 - 8:41 p.m.

CVE-2008-3842

2008-08-2720:41:00
CWE-79
[email protected]
web.nvd.nist.gov
29
asp.net
request validation
validaterequest
xss
cross-site scripting
nvd
cve-2008-3842

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.404 Medium

EPSS

Percentile

97.3%

JSON

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a “</” (less-than slash) sequence.

Affected configurations

NVD
Node
microsoftwindows-ntMatch2003goldserver_x64
OR
microsoftwindows-ntMatch2003sp1server
OR
microsoftwindows-ntMatch2003sp1server_itanium
OR
microsoftwindows-ntMatch2003sp2server
OR
microsoftwindows-ntMatch2003sp2server_itanium
OR
microsoftwindows-ntMatch2003sp2server_x64
OR
microsoftwindows-ntMatchxpgoldx64
OR
microsoftwindows-ntMatchxpsp3
OR
microsoftwindows_2000sp4
OR
microsoftwindows_vista
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2x64
AND
microsoft.net_frameworkMatch2.0
Node
microsoftwindows-ntMatch2003goldserver_x64
OR
microsoftwindows-ntMatch2003sp1server
OR
microsoftwindows-ntMatch2003sp1server_itanium
OR
microsoftwindows-ntMatch2003sp2server
OR
microsoftwindows-ntMatch2003sp2server_itanium
OR
microsoftwindows-ntMatch2003sp2server_x64
OR
microsoftwindows-ntMatch2008
OR
microsoftwindows-ntMatch2008itanium
OR
microsoftwindows-ntMatch2008x64
OR
microsoftwindows-ntMatchxpgoldx64
OR
microsoftwindows-ntMatchxpsp3
OR
microsoftwindows_2000sp4
OR
microsoftwindows_vista
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2x64
AND
microsoft.net_frameworkMatch1.1sp1
Node
microsoftwindows-ntMatch2003goldserver_x64
OR
microsoftwindows-ntMatch2003sp1server
OR
microsoftwindows-ntMatch2003sp1server_itanium
OR
microsoftwindows-ntMatch2003sp2server
OR
microsoftwindows-ntMatch2003sp2server_itanium
OR
microsoftwindows-ntMatch2003sp2server_x64
OR
microsoftwindows-ntMatch2008
OR
microsoftwindows-ntMatchxpgoldmedia_center_2005
OR
microsoftwindows-ntMatchxpgoldtablet_pc_2005
OR
microsoftwindows-ntMatchxpgoldx64
OR
microsoftwindows-ntMatchxpsp3
OR
microsoftwindows_2000sp4
OR
microsoftwindows_vista
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2x64
AND
microsoft.net_frameworkMatch1.0sp3

Related

nvd 1
prion 1
cvelist 1
nessus 1
nvd
nvd
CVE-2008-3842
2008-08-27 20:41:00
prion
prion
Cross site scripting
2008-08-27 20:41:00
cvelist
cvelist
CVE-2008-3842
2008-08-27 20:00:00
nessus
nessus
Microsoft ASP.NET ValidateRequest Filters Bypass
2012-04-05 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.404 Medium

EPSS

Percentile

97.3%

JSON
Related for CVE-2008-3842
nvd1prion1cvelist1nessus1