Microsoft ASP.NET ValidateRequest Filters Bypass

Medium Nessus Plugin ID 58601


The web application framework used on the remote host may be susceptible to cross-site scripting attacks.


According to the HTTP headers received from the remote host, the web server is configured to use the ASP.NET framework.

This framework includes the ValidateRequest feature, which ASP.NET web applications use to filter user input in an attempt to prevent cross-site scripting attacks. However, this set of filters can be bypassed, so a web application that uses it as its sole protection remains exposed.

Since Nessus is unable to remotely gather enough information to determine if the ValidateRequest feature is used in an unsafe manner, this plugin will report all web servers using ASP.NET when the 'Report Paranoia' configuration setting is set to 'Paranoid (more false alarms)'. Determining if an actual security risk exists requires manual verification.


Determine if any ASP.NET web applications solely rely on the ValidateRequest feature, and use additional protections if necessary.
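As an added example (not code from the Nessus plugin or from Microsoft), the following ASP.NET Web Forms code-behind shows the "additional protection" the solution refers to: ValidateRequest stays at its default, but every untrusted value is encoded for the exact output context it is written into. The page, control and parameter names (SearchPage, ResultsLiteral, "q") are assumptions.

```csharp
// Added example, not code from the Nessus plugin or from Microsoft.
// ValidateRequest is left enabled (the default) as defense in depth, but the
// page never relies on it: each untrusted value is encoded per output context.
// Page, control and parameter names are assumptions.
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class SearchPage : Page
{
    // Assumed markup: <asp:Literal ID="ResultsLiteral" runat="server" />
    // (declared here to keep the example self-contained; normally generated
    // in the .designer.cs file).
    protected Literal ResultsLiteral;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Untrusted input. ValidateRequest may reject some payloads before this
        // line runs, but the encoding below must hold even when it does not.
        string term = Request.QueryString["q"] ?? string.Empty;
        ResultsLiteral.Text = RenderSearchResult(term);
    }

    // Builds the markup by hand, choosing the encoder for each context.
    internal static string RenderSearchResult(string term)
    {
        // HTML body context: entity-encode <, >, & and quotes.
        string body = HttpUtility.HtmlEncode(term);

        // HTML attribute context: the value cannot close its own quotes.
        string attr = HttpUtility.HtmlAttributeEncode(term);

        // Query-string context: percent-encode for the link back to this page.
        string url = HttpUtility.UrlEncode(term);

        // JavaScript string context: escapes quotes, backslashes, < and >;
        // the second argument wraps the result in double quotes.
        string js = HttpUtility.JavaScriptStringEncode(term, true);

        return
            "<h2>Results for " + body + "</h2>\n" +
            "<input type=\"text\" name=\"q\" value=\"" + attr + "\" />\n" +
            "<a href=\"/search.aspx?q=" + url + "\">Search again</a>\n" +
            "<script>var lastTerm = " + js + ";</script>";
    }
}
```

A code search for `ValidateRequest="false"` in .aspx directives and `validateRequest="false"` in web.config lists the pages where the filter does not run at all, but a page that passes request validation still needs this context-aware encoding.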

Plugin Details

Severity: Medium

ID: 58601

File Name: asp_net_validaterequest_bypass.nasl

Version: $Revision: 1.6 $

Type: remote

Family: Web Servers

Published: 2012/04/05

Modified: 2017/04/28

Dependencies: 67257

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework, cpe:/o:microsoft:windows

Required KB Items: Settings/PCI_DSS

Vulnerability Publication Date: 2008/08/21

Reference Information

CVE: CVE-2008-3842, CVE-2008-3843

OSVDB: 49384, 49385

CWE: 79