Test Kennung:	1.3.6.1.4.1.25623.1.0.52371
Kategorie:	FreeBSD Local Security Checks
Titel:	php -- strip_tags cross-site scripting vulnerability
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: mod_php4-twig, php4, php4-cgi, php4-cli, php4-dtc, php4-horde, php4-nms, mod_php4, php5, php5-cgi, php5-cli, mod_php5 CVE-2004-0595 The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0595 BugTraq ID: 10724 http://www.securityfocus.com/bid/10724 Bugtraq: 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108981780109154&w=2 Bugtraq: 20040714 TSSA-2004-013 - php (Google Search) http://marc.info/?l=bugtraq&m=108982983426031&w=2 Bugtraq: 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) (Google Search) http://marc.info/?l=bugtraq&m=109051444105182&w=2 Conectiva Linux advisory: CLA-2004:847 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847 Debian Security Information: DSA-531 (Google Search) http://www.debian.org/security/2004/dsa-531 Debian Security Information: DSA-669 (Google Search) http://www.debian.org/security/2005/dsa-669 http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml HPdes Security Advisory: SSRT4777 http://marc.info/?l=bugtraq&m=109181600614477&w=2 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619 http://www.redhat.com/support/errata/RHSA-2004-392.html http://www.redhat.com/support/errata/RHSA-2004-395.html http://www.redhat.com/support/errata/RHSA-2004-405.html http://www.redhat.com/support/errata/RHSA-2005-816.html SuSE Security Announcement: SUSE-SA:2004:021 (Google Search) http://www.novell.com/linux/security/advisories/2004_21_php4.html XForce ISS Database: php-strip-tag-bypass(16692) https://exchange.xforce.ibmcloud.com/vulnerabilities/16692
Copyright	Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.