AnsweredAssumed Answered

QID 90780: Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability

Question asked by Theodoros Tsakiris on Apr 8, 2013
Latest reply on Apr 11, 2013 by PSears

I have a Server 2003 Ent 64bit with Exchange2007 SP3. This server have enable the OWA services, so during PCI compliance test appears the above indication.

We have communicate with Microsoft, in order to provide correct actions to pass PCI compliance test, but until now all actions have been fail, due to OWA service. (OWA of Exc2007 cannot work if we try to upgrade the .Net Framework to ver 4 -64 bit).

Also on other sections I have read comments for OWA, which is an application which don't have Cross-Site Scripting capabilities.

What proofs  needed to provide in order to have a False Positive exception for our Exchange Server and OWA as Web Application?

Outcomes