Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.52896
Category:Turbolinux Local Security Tests
Title:Turbolinux TLSA-2004-23 (php)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to php
announced via advisory TLSA-2004-23.

PHP is an HTML-embedded scripting language.
The strip_tags function in PHP, does not filter null (\0) characters
within tag names when restricting input to allowed tags.

This allows dangerous tags to be processed by web browsers such as Internet
Explorer and Safari, which ignore null characters
this facilitates the
exploitation of cross-site scripting (XSS) vulnerabilities.

Bug allows dangerous tags to be processed by web browsers such as Internet
Explorer and Safari.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2004-23

Risk factor : High

CVSS Score:
6.8

Cross-Ref: BugTraq ID: 10724
Common Vulnerability Exposure (CVE) ID: CVE-2004-0595
http://www.securityfocus.com/bid/10724
Bugtraq: 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=108981780109154&w=2
Bugtraq: 20040714 TSSA-2004-013 - php (Google Search)
http://marc.info/?l=bugtraq&m=108982983426031&w=2
Bugtraq: 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) (Google Search)
http://marc.info/?l=bugtraq&m=109051444105182&w=2
Conectiva Linux advisory: CLA-2004:847
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847
Debian Security Information: DSA-531 (Google Search)
http://www.debian.org/security/2004/dsa-531
Debian Security Information: DSA-669 (Google Search)
http://www.debian.org/security/2005/dsa-669
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html
http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml
HPdes Security Advisory: SSRT4777
http://marc.info/?l=bugtraq&m=109181600614477&w=2
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619
http://www.redhat.com/support/errata/RHSA-2004-392.html
http://www.redhat.com/support/errata/RHSA-2004-395.html
http://www.redhat.com/support/errata/RHSA-2004-405.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
SuSE Security Announcement: SUSE-SA:2004:021 (Google Search)
http://www.novell.com/linux/security/advisories/2004_21_php4.html
XForce ISS Database: php-strip-tag-bypass(16692)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16692
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.