CVE-2004-0595

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network
avaya
redhat
trustix
php
nessus
exploit available

Summary

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

Exploit-Db

  • description: Mambo < 4.5.3h - Multiple Vulnerabilities. CVE-2006-0871,CVE-2006-1794. Webapps exploit for PHP platform
    id: EDB-ID:43835
    last seen: 2018-01-24
    modified: 2016-02-24
    published: 2016-02-24
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/43835/
    title: Mambo < 4.5.3h - Multiple Vulnerabilities
  • description: PHP 4.x/5.0 Strip_Tags() Function Bypass Vulnerability. CVE-2004-0595. Remote exploit for php platform
    id: EDB-ID:24280
    last seen: 2016-02-02
    modified: 2004-07-14
    published: 2004-07-14
    reporter: Stefan Esser
    source: https://www.exploit-db.com/download/24280/
    title: PHP 4.x/5.0 Strip_Tags Function Bypass Vulnerability

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-392.NASL
    description: Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when memory_limit is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to allocate more memory than the memory_limit setting before script execution begins, then the attacker may be able to supply the contents of a PHP hash table remotely. This hash table could then be used to execute arbitrary code as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13653
    published: 2004-07-20
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/13653
    title: RHEL 3 : php (RHSA-2004:392)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:392. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(13653);
      script_version ("1.29");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2004-0594", "CVE-2004-0595");
      script_xref(name:"RHSA", value:"2004:392");
    
      script_name(english:"RHEL 3 : php (RHSA-2004:392)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated php packages that fix various security issues are now
    available.
    
    PHP is an HTML-embedded scripting language commonly used with the
    Apache HTTP server.
    
    Stefan Esser discovered a flaw when memory_limit is enabled in
    versions of PHP 4 before 4.3.8. If a remote attacker could force the
    PHP interpreter to allocate more memory than the memory_limit setting
    before script execution begins, then the attacker may be able to
    supply the contents of a PHP hash table remotely. This hash table
    could then be used to execute arbitrary code as the 'apache' user. The
    Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2004-0594 to this issue.
    
    This issue has a higher risk when PHP is running on an instance of
    Apache which is vulnerable to CVE-2004-0493. For Red Hat Enterprise
    Linux 3, this Apache memory exhaustion issue was fixed by a previous
    update, RHSA-2004:342. It may also be possible to exploit this issue
    if using a non-default PHP configuration with the 'register_defaults'
    setting is changed to 'On'. Red Hat does not believe that this flaw is
    exploitable in the default configuration of Red Hat Enterprise Linux
    3.
    
    Stefan Esser discovered a flaw in the strip_tags function in versions
    of PHP before 4.3.8. The strip_tags function is commonly used by PHP
    scripts to prevent Cross-Site-Scripting attacks by removing HTML tags
    from user-supplied form data. By embedding NUL bytes into form data,
    HTML tags can in some cases be passed intact through the strip_tags
    function, which may allow a Cross-Site-Scripting attack. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2004-0595 to this issue.
    
    All users of PHP are advised to upgrade to these updated packages,
    which contain backported patches that address these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0594"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:392"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:392";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"php-4.3.2-11.1.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-imap-4.3.2-11.1.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-ldap-4.3.2-11.1.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-mysql-4.3.2-11.1.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-odbc-4.3.2-11.1.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-pgsql-4.3.2-11.1.ent")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-imap / php-ldap / php-mysql / php-odbc / php-pgsql");
      }
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-531.NASL
    description: Two vulnerabilities were discovered in php4 : - CAN-2004-0594 The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. - CAN-2004-0595 The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15368
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15368
    title: Debian DSA-531-1 : php4 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-531. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15368);
      script_version("1.23");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2004-0594", "CVE-2004-0595");
      script_xref(name:"DSA", value:"531");
    
      script_name(english:"Debian DSA-531-1 : php4 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two vulnerabilities were discovered in php4 :
    
      - CAN-2004-0594
        The memory_limit functionality in PHP 4.x up to 4.3.7,
        and 5.x up to 5.0.0RC3, under certain conditions such as
        when register_globals is enabled, allows remote
        attackers to execute arbitrary code by triggering a
        memory_limit abort during execution of the
        zend_hash_init function and overwriting a HashTable
        destructor pointer before the initialization of key data
        structures is complete.
    
      - CAN-2004-0595
    
        The strip_tags function in PHP 4.x up to 4.3.7, and 5.x
        up to 5.0.0RC3, does not filter null (\0) characters
        within tag names when restricting input to allowed tags,
        which allows dangerous tags to be processed by web
        browsers such as Internet Explorer and Safari, which
        ignore null characters and facilitate the exploitation
        of cross-site scripting (XSS) vulnerabilities."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-531"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "For the current stable distribution (woody), these problems have been
    fixed in version 4.1.2-7.
    
    We recommend that you update your php4 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/07/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"caudium-php4", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-cgi", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-curl", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-dev", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-domxml", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-gd", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-imap", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-ldap", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-mcal", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-mhash", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-mysql", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-odbc", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-pear", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-recode", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-snmp", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-sybase", reference:"4.1.2-7")) flag++;
    if (deb_check(release:"3.0", prefix:"php4-xslt", reference:"4.1.2-7")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_EDF61C610F0711D98393000103CCF9D6.NASL
    description: Stefan Esser of e-matters discovered that PHP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19159
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/19159
    title: FreeBSD : php -- strip_tags XSS vulnerability (edf61c61-0f07-11d9-8393-000103ccf9d6)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2005-001.NASL
    description: The remote host is missing Security Update 2005-001. This security update contains a number of fixes for the following programs : - at commands - ColorSync - libxml2 - Mail - PHP - Safari - SquirrelMail These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16251
    published: 2005-01-26
    reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16251
    title: Mac OS X Multiple Vulnerabilities (Security Update 2005-001)
  • NASL family: CGI abuses
    NASL id: PHP_STRIP_TAGS_MEMORY_LIMIT_VULN.NASL
    description: According to its banner, the version of PHP 4.3.x installed on the remote host is prior to 4.3.7. It is, therefore, potentially affected by a bug that could allow an attacker to execute arbitrary code on the remote host if the option memory_limit is set. Another bug in the function strip_tags() may allow an attacker to bypass content restrictions when submitting data and may lead to cross-site scripting issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13650
    published: 2004-07-15
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13650
    title: PHP < 4.3.8 Multiple Vulnerabilities
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2004-202-01.NASL
    description: New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues (memory_limit handling and a problem in the strip_tags function). Sites using PHP should upgrade.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18773
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18773
    title: Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : PHP (SSA:2004-202-01)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-395.NASL
    description: Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when memory_limit configuration setting is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to allocate more memory than the memory_limit setting before script execution begins, then the attacker may be able to supply the contents of a PHP hash table remotely. This hash table could then be used to execute arbitrary code as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13652
    published: 2004-07-19
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/13652
    title: RHEL 2.1 : php (RHSA-2004:395)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2004_021.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2004:021 (php4/mod_php4). PHP is a well known, widely-used scripting language often used within web server setups. Stefan Esser found a problem with the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13837
    published: 2004-07-25
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13837
    title: SUSE-SA:2004:021: php4/mod_php4
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-222.NASL
    description: This update includes the latest release of PHP 4, including fixes for security issues in memory limit handling (CVE-2004-0594), and the strip_tags function (CVE-2004-0595). CVE-2004-0595 is not known to be exploitable in the default configuration if using httpd 2.0.50, but can be triggered if the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13748
    published: 2004-07-24
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13748
    title: Fedora Core 1 : php-4.3.8-1.1 (2004-222)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-223.NASL
    description: This update includes the latest release of PHP 4, including fixes for security issues in memory limit handling (CVE-2004-0594), and the strip_tags function (CVE-2004-0595). CVE-2004-0595 is not known to be exploitable in the default configuration if using httpd 2.0.50, but can be triggered if the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13749
    published: 2004-07-24
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13749
    title: Fedora Core 2 : php-4.3.8-2.1 (2004-223)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2004-068.NASL
    description: Stefan Esser discovered a remotely exploitable vulnerability in PHP where a remote attacker could trigger a memory_limit request termination in places where an interruption is unsafe. This could be used to execute arbitrary code. As well, Stefan Esser also found a vulnerability in the handling of allowed tags within PHP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14167
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14167
    title: Mandrake Linux Security Advisory : php (MDKSA-2004:068)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-669.NASL
    description: Two vulnerabilities have been discovered in php4 which also apply to the version of php3 in the stable Debian distribution. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0594 The memory_limit functionality allows remote attackers to execute arbitrary code under certain circumstances. - CAN-2004-0595 The strip_tags function does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by some web browsers which could lead to cross-site scripting (XSS) vulnerabilities.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16343
    published: 2005-02-10
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16343
    title: Debian DSA-669-1 : php3 - several vulnerabilities
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200407-13.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200407-13 (PHP: Multiple security vulnerabilities) Several security vulnerabilities were found and fixed in version 4.3.8 of PHP. The strip_tags() function, used to sanitize user input, could in certain cases allow tags containing \0 characters (CAN-2004-0595). When memory_limit is used, PHP might unsafely interrupt other functions (CAN-2004-0594). The ftok and itpc functions were missing safe_mode checks. It was possible to bypass open_basedir restrictions using MySQL
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14546
    published: 2004-08-30
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14546
    title: GLSA-200407-13 : PHP: Multiple security vulnerabilities

Oval

accepted: 2013-04-29T04:07:09.197-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
description: The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
family: unix
id: oval:org.mitre.oval:def:10619
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
version: 26

Packetstorm

data source: https://packetstormsecurity.com/files/download/44191/mambo453.txt
id: PACKETSTORM:44191
last seen: 2016-12-05
published: 2006-02-26
reporter: James Bercegay
source: https://packetstormsecurity.com/files/44191/mambo453.txt.html
title: mambo453.txt

Redhat

advisories
  • rhsa
    id: RHSA-2004:392
  • rhsa
    id: RHSA-2004:395
  • rhsa
    id: RHSA-2004:405
  • rhsa
    id: RHSA-2005:816
rpms
  • php-0:4.3.2-11.1.ent
  • php-debuginfo-0:4.3.2-11.1.ent
  • php-devel-0:4.3.2-11.1.ent
  • php-imap-0:4.3.2-11.1.ent
  • php-ldap-0:4.3.2-11.1.ent
  • php-mysql-0:4.3.2-11.1.ent
  • php-odbc-0:4.3.2-11.1.ent
  • php-pgsql-0:4.3.2-11.1.ent