6.8

CVE-2004-0595

Exploit
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatFedora Core Versioncore_1.0
RedhatFedora Core Versioncore_2.0
TrustixSecure Linux Version1.5
TrustixSecure Linux Version2.0
TrustixSecure Linux Version2.1
PhpPhp Version4.0
PhpPhp Version4.0.1
PhpPhp Version4.0.2
PhpPhp Version4.0.3
PhpPhp Version4.0.4
PhpPhp Version4.0.5
PhpPhp Version4.0.6
PhpPhp Version4.0.7
PhpPhp Version4.1.0
PhpPhp Version4.1.1
PhpPhp Version4.1.2
PhpPhp Version4.2.0
PhpPhp Version4.2.1
PhpPhp Version4.2.2
PhpPhp Version4.2.3
PhpPhp Version4.3.0
PhpPhp Version4.3.1
PhpPhp Version4.3.2
PhpPhp Version4.3.3
PhpPhp Version4.3.5
PhpPhp Version4.3.6
PhpPhp Version4.3.7
PhpPhp Version5.0 Updaterc1
PhpPhp Version5.0 Updaterc2
PhpPhp Version5.0 Updaterc3
AvayaS8300 Versionr2.0.0
AvayaS8300 Versionr2.0.1
AvayaS8500 Versionr2.0.0
AvayaS8500 Versionr2.0.1
AvayaS8700 Versionr2.0.0
AvayaS8700 Versionr2.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 45.16% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.redhat.com/support/errata/RHSA-2005-816.html
http://www.redhat.com/support/errata/RHSA-2004-405.html
http://marc.info/?l=bugtraq&m=109181600614477&w=2
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847
http://marc.info/?l=bugtraq&m=108981780109154&w=2
http://marc.info/?l=bugtraq&m=108982983426031&w=2
http://marc.info/?l=bugtraq&m=109051444105182&w=2
http://www.debian.org/security/2004/dsa-531
Patch
Vendor Advisory
http://www.debian.org/security/2005/dsa-669
http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068
http://www.novell.com/linux/security/advisories/2004_21_php4.html
http://www.redhat.com/support/errata/RHSA-2004-392.html
http://www.redhat.com/support/errata/RHSA-2004-395.html
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html
http://www.securityfocus.com/bid/10724
Patch
Vendor Advisory
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/16692
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619