CVE-2004-0595
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |

Summary
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | | 7 |
OS | | 2 |
OS | | 3 |
Application | | 1 |
Application | Php | 25 |
Exploit-Db
description | Mambo < 4.5.3h - Multiple Vulnerabilities. CVE-2006-0871,CVE-2006-1794. Webapps exploit for PHP platform |
id | EDB-ID:43835 |
last seen | 2018-01-24 |
modified | 2016-02-24 |
published | 2016-02-24 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43835/ |
title | Mambo < 4.5.3h - Multiple Vulnerabilities |

description | PHP 4.x/5.0 Strip_Tags() Function Bypass Vulnerability. CVE-2004-0595. Remote exploit for php platform |
id | EDB-ID:24280 |
last seen | 2016-02-02 |
modified | 2004-07-14 |
published | 2004-07-14 |
reporter | Stefan Esser |
source | https://www.exploit-db.com/download/24280/ |
title | PHP 4.x/5.0 Strip_Tags Function Bypass Vulnerability |
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2004-392.NASL |
description | Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when memory_limit is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to allocate more memory than the memory_limit setting before script execution begins, then the attacker may be able to supply the contents of a PHP hash table remotely. This hash table could then be used to execute arbitrary code as the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13653 |
published | 2004-07-20 |
reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/13653 |
title | RHEL 3 : php (RHSA-2004:392) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2004:392. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(13653);
  script_version ("1.29");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2004-0594", "CVE-2004-0595");
  script_xref(name:"RHSA", value:"2004:392");

  script_name(english:"RHEL 3 : php (RHSA-2004:392)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated php packages that fix various security issues are now
available.

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP server.

Stefan Esser discovered a flaw when memory_limit is enabled in
versions of PHP 4 before 4.3.8. If a remote attacker could force the
PHP interpreter to allocate more memory than the memory_limit setting
before script execution begins, then the attacker may be able to
supply the contents of a PHP hash table remotely. This hash table
could then be used to execute arbitrary code as the 'apache' user. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0594 to this issue.

This issue has a higher risk when PHP is running on an instance of
Apache which is vulnerable to CVE-2004-0493. For Red Hat Enterprise
Linux 3, this Apache memory exhaustion issue was fixed by a previous
update, RHSA-2004:342. It may also be possible to exploit this issue
if using a non-default PHP configuration with the 'register_defaults'
setting is changed to 'On'. Red Hat does not believe that this flaw is
exploitable in the default configuration of Red Hat Enterprise Linux
3.

Stefan Esser discovered a flaw in the strip_tags function in versions
of PHP before 4.3.8. The strip_tags function is commonly used by PHP
scripts to prevent Cross-Site-Scripting attacks by removing HTML tags
from user-supplied form data. By embedding NUL bytes into form data,
HTML tags can in some cases be passed intact through the strip_tags
function, which may allow a Cross-Site-Scripting attack. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0595 to this issue.

All users of PHP are advised to upgrade to these updated packages,
which contain backported patches that address these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0594"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0595"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2004:392"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/07/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2004:392";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"php-4.3.2-11.1.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"php-imap-4.3.2-11.1.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"php-ldap-4.3.2-11.1.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"php-mysql-4.3.2-11.1.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"php-odbc-4.3.2-11.1.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"php-pgsql-4.3.2-11.1.ent")) flag++;

  if (flag)
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-imap / php-ldap / php-mysql / php-odbc / php-pgsql");
  }
}
```

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-531.NASL |
description | Two vulnerabilities were discovered in php4 : - CAN-2004-0594 The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. - CAN-2004-0595 The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15368 |
published | 2004-09-29 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15368 |
title | Debian DSA-531-1 : php4 - several vulnerabilities |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-531. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15368);
  script_version("1.23");
  script_cvs_date("Date: 2019/08/02 13:32:18");

  script_cve_id("CVE-2004-0594", "CVE-2004-0595");
  script_xref(name:"DSA", value:"531");

  script_name(english:"Debian DSA-531-1 : php4 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Two vulnerabilities were discovered in php4 :

  - CAN-2004-0594
    The memory_limit functionality in PHP 4.x up to 4.3.7,
    and 5.x up to 5.0.0RC3, under certain conditions such as
    when register_globals is enabled, allows remote
    attackers to execute arbitrary code by triggering a
    memory_limit abort during execution of the
    zend_hash_init function and overwriting a HashTable
    destructor pointer before the initialization of key data
    structures is complete.

  - CAN-2004-0595
    The strip_tags function in PHP 4.x up to 4.3.7, and 5.x
    up to 5.0.0RC3, does not filter null (\0) characters
    within tag names when restricting input to allowed tags,
    which allows dangerous tags to be processed by web
    browsers such as Internet Explorer and Safari, which
    ignore null characters and facilitate the exploitation
    of cross-site scripting (XSS) vulnerabilities."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2004/dsa-531"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"For the current stable distribution (woody), these problems have been
fixed in version 4.1.2-7.

We recommend that you update your php4 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/07/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"caudium-php4", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-cgi", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-curl", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-dev", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-domxml", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-gd", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-imap", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-ldap", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-mcal", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-mhash", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-mysql", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-odbc", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-pear", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-recode", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-snmp", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-sybase", reference:"4.1.2-7")) flag++;
if (deb_check(release:"3.0", prefix:"php4-xslt", reference:"4.1.2-7")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_EDF61C610F0711D98393000103CCF9D6.NASL |
description | Stefan Esser of e-matters discovered that PHP |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19159 |
published | 2005-07-13 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/19159 |
title | FreeBSD : php -- strip_tags XSS vulnerability (edf61c61-0f07-11d9-8393-000103ccf9d6) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2005-001.NASL |
description | The remote host is missing Security Update 2005-001. This security update contains a number of fixes for the following programs : - at commands - ColorSync - libxml2 - Mail - PHP - Safari - SquirrelMail These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16251 |
published | 2005-01-26 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16251 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2005-001) |

NASL family | CGI abuses |
NASL id | PHP_STRIP_TAGS_MEMORY_LIMIT_VULN.NASL |
description | According to its banner, the version of PHP 4.3.x installed on the remote host is prior to 4.3.7. It is, therefore, potentially affected by a bug that could allow an attacker to execute arbitrary code on the remote host if the option memory_limit is set. Another bug in the function strip_tags() may allow an attacker to bypass content restrictions when submitting data and may lead to cross-site scripting issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13650 |
published | 2004-07-15 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13650 |
title | PHP < 4.3.8 Multiple Vulnerabilities |

NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2004-202-01.NASL |
description | New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues (memory_limit handling and a problem in the strip_tags function). Sites using PHP should upgrade. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18773 |
published | 2005-07-13 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18773 |
title | Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : PHP (SSA:2004-202-01) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2004-395.NASL |
description | Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when memory_limit configuration setting is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to allocate more memory than the memory_limit setting before script execution begins, then the attacker may be able to supply the contents of a PHP hash table remotely. This hash table could then be used to execute arbitrary code as the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13652 |
published | 2004-07-19 |
reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/13652 |
title | RHEL 2.1 : php (RHSA-2004:395) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2004_021.NASL |
description | The remote host is missing the patch for the advisory SUSE-SA:2004:021 (php4/mod_php4). PHP is a well known, widely-used scripting language often used within web server setups. Stefan Esser found a problem with the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13837 |
published | 2004-07-25 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13837 |
title | SUSE-SA:2004:021: php4/mod_php4 |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2004-222.NASL |
description | This update includes the latest release of PHP 4, including fixes for security issues in memory limit handling (CVE-2004-0594), and the strip_tags function (CVE-2004-0595). CVE-2004-0595 is not known to be exploitable in the default configuration if using httpd 2.0.50, but can be triggered if the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13748 |
published | 2004-07-24 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13748 |
title | Fedora Core 1 : php-4.3.8-1.1 (2004-222) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2004-223.NASL |
description | This update includes the latest release of PHP 4, including fixes for security issues in memory limit handling (CVE-2004-0594), and the strip_tags function (CVE-2004-0595). CVE-2004-0595 is not known to be exploitable in the default configuration if using httpd 2.0.50, but can be triggered if the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13749 |
published | 2004-07-24 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13749 |
title | Fedora Core 2 : php-4.3.8-2.1 (2004-223) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2004-068.NASL |
description | Stefan Esser discovered a remotely exploitable vulnerability in PHP where a remote attacker could trigger a memory_limit request termination in places where an interruption is unsafe. This could be used to execute arbitrary code. As well, Stefan Esser also found a vulnerability in the handling of allowed tags within PHP |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14167 |
published | 2004-07-31 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14167 |
title | Mandrake Linux Security Advisory : php (MDKSA-2004:068) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-669.NASL |
description | Two vulnerabilities have been discovered in php4 which also apply to the version of php3 in the stable Debian distribution. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0594 The memory_limit functionality allows remote attackers to execute arbitrary code under certain circumstances. - CAN-2004-0595 The strip_tags function does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by some web browsers which could lead to cross-site scripting (XSS) vulnerabilities. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16343 |
published | 2005-02-10 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16343 |
title | Debian DSA-669-1 : php3 - several vulnerabilities |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200407-13.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200407-13 (PHP: Multiple security vulnerabilities) Several security vulnerabilities were found and fixed in version 4.3.8 of PHP. The strip_tags() function, used to sanitize user input, could in certain cases allow tags containing \\0 characters (CAN-2004-0595). When memory_limit is used, PHP might unsafely interrupt other functions (CAN-2004-0594). The ftok and itpc functions were missing safe_mode checks. It was possible to bypass open_basedir restrictions using MySQL |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14546 |
published | 2004-08-30 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14546 |
title | GLSA-200407-13 : PHP: Multiple security vulnerabilities |
Oval
accepted | 2013-04-29T04:07:09.197-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. |
family | unix |
id | oval:org.mitre.oval:def:10619 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. |
version | 26 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/44191/mambo453.txt |
id | PACKETSTORM:44191 |
last seen | 2016-12-05 |
published | 2006-02-26 |
reporter | James Bercegay |
source | https://packetstormsecurity.com/files/44191/mambo453.txt.html |
title | mambo453.txt |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html
- http://marc.info/?l=bugtraq&m=108981780109154&w=2
- http://marc.info/?l=bugtraq&m=108982983426031&w=2
- http://marc.info/?l=bugtraq&m=109051444105182&w=2
- http://marc.info/?l=bugtraq&m=109181600614477&w=2
- http://www.debian.org/security/2004/dsa-531
- http://www.debian.org/security/2005/dsa-669
- http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068
- http://www.novell.com/linux/security/advisories/2004_21_php4.html
- http://www.redhat.com/support/errata/RHSA-2004-392.html
- http://www.redhat.com/support/errata/RHSA-2004-395.html
- http://www.redhat.com/support/errata/RHSA-2004-405.html
- http://www.redhat.com/support/errata/RHSA-2005-816.html
- http://www.securityfocus.com/bid/10724
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16692
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619