Microsoft ASP.NET ValidateRequest Filters Bypass

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The web application framework used on the remote host may be
susceptible to cross-site scripting attacks.

Description :

According to the HTTP headers received from the remote host, the web
server is configured to use the ASP.NET framework.

This framework includes the ValidateRequest feature, which is used by
ASP.NET web applications to filter user input in an attempt to prevent
cross-site scripting attacks. However, this set of filters can be
bypassed if it is the sole mechanism used for protection by a web
application.

Since Nessus is unable to remotely gather enough information to
determine if the ValidateRequest feature is used in an unsafe manner,
this plugin will report all web servers using ASP.NET when the 'Report
Paranoia' configuration setting is set to 'Paranoid (more false
alarms)'. Determining if an actual security risk exists requires
manual verification.

See also :

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-20
http://msdn.microsoft.com/en-us/library/bb355989.aspx
http://www.nessus.org/u?fa65841c

Solution :

Determine if any ASP.NET web applications solely rely on the
ValidateRequest feature, and use additional protections if necessary.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: Web Servers

Nessus Plugin ID: 58601 ()

Bugtraq ID:

CVE ID: CVE-2008-3842
CVE-2008-3843