CVE ID: CVE-2004-0595
Description: The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
Test IDs: 1.3.6.1.4.1.25623.1.0.53221   1.3.6.1.4.1.25623.1.0.51106   1.3.6.1.4.1.25623.1.0.52896   1.3.6.1.4.1.25623.1.0.50340   1.3.6.1.4.1.25623.1.0.52795   1.3.6.1.4.1.25623.1.0.53498   1.3.6.1.4.1.25623.1.0.52371   1.3.6.1.4.1.25623.1.0.50390   1.3.6.1.4.1.25623.1.0.51105  
Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2004-0595
BugTraq ID: 10724
http://www.securityfocus.com/bid/10724
Bugtraq: 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability
http://marc.info/?l=bugtraq&m=108981780109154&w=2
Bugtraq: 20040714 TSSA-2004-013 - php
http://marc.info/?l=bugtraq&m=108982983426031&w=2
Bugtraq: 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)
http://marc.info/?l=bugtraq&m=109051444105182&w=2
Conectiva Linux advisory: CLA-2004:847
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847
Debian Security Information: DSA-531
http://www.debian.org/security/2004/dsa-531
Debian Security Information: DSA-669
http://www.debian.org/security/2005/dsa-669
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html
http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml
HPdes Security Advisory: SSRT4777
http://marc.info/?l=bugtraq&m=109181600614477&w=2
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619
RedHat Security Advisories: RHSA-2004:392
http://www.redhat.com/support/errata/RHSA-2004-392.html
RedHat Security Advisories: RHSA-2004:395
http://www.redhat.com/support/errata/RHSA-2004-395.html
RedHat Security Advisories: RHSA-2004:405
http://www.redhat.com/support/errata/RHSA-2004-405.html
RedHat Security Advisories: RHSA-2005:816
http://www.redhat.com/support/errata/RHSA-2005-816.html
SuSE Security Announcement: SUSE-SA:2004:021
http://www.novell.com/linux/security/advisories/2004_21_php4.html
XForce ISS Database: php-strip-tag-bypass(16692)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16692