1. Home
  2. CVE Database
  3. CVE-2008-3843
MEDIUM · 4.3

CVE-2008-3843

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to c...

Vulnerability Description

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
MicrosoftWindows-Nt2003
MicrosoftWindows 2000All versions
MicrosoftWindows VistaAll versions
MicrosoftWindows XpAll versions
Microsoft.Net Framework1.0

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2008-3843?

CVE-2008-3843 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to c...

How severe is CVE-2008-3843?

CVE-2008-3843 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3843?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows-Nt, Microsoft Windows 2000, Microsoft Windows Vista, Microsoft Windows Xp, Microsoft .Net Framework.