6.8
CVE-2004-0595
- EPSS 45.16%
- Veröffentlicht 27.07.2004 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:05:56
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Avaya ≫ Converged Communications Server Version2.0
Redhat ≫ Fedora Core Versioncore_1.0
Redhat ≫ Fedora Core Versioncore_2.0
Trustix ≫ Secure Linux Version1.5
Trustix ≫ Secure Linux Version2.0
Trustix ≫ Secure Linux Version2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 45.16% | 0.986 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://www.redhat.com/support/errata/RHSA-2005-816.html
http://www.redhat.com/support/errata/RHSA-2004-405.html
http://marc.info/?l=bugtraq&m=109181600614477&w=2
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847
http://marc.info/?l=bugtraq&m=108981780109154&w=2
http://marc.info/?l=bugtraq&m=108982983426031&w=2
http://marc.info/?l=bugtraq&m=109051444105182&w=2
http://www.debian.org/security/2004/dsa-531
http://www.debian.org/security/2005/dsa-669
http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068
http://www.novell.com/linux/security/advisories/2004_21_php4.html
http://www.redhat.com/support/errata/RHSA-2004-392.html
http://www.redhat.com/support/errata/RHSA-2004-395.html
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html
http://www.securityfocus.com/bid/10724
https://exchange.xforce.ibmcloud.com/vulnerabilities/16692
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619