6.8

CVE-2004-0595

Exploit

EPSS 54.88%
Veröffentlicht 27.07.2004 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 21

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Avaya ≫ Converged Communications Server Version2.0

Redhat ≫ Fedora Core Versioncore_1.0

Redhat ≫ Fedora Core Versioncore_2.0

Trustix ≫ Secure Linux Version1.5

Trustix ≫ Secure Linux Version2.0

Trustix ≫ Secure Linux Version2.1

Avaya ≫ Integrated Management

Php ≫ Php Version4.0

Php ≫ Php Version4.0.1

Php ≫ Php Version4.0.2

Php ≫ Php Version4.0.3

Php ≫ Php Version4.0.4

Php ≫ Php Version4.0.5

Php ≫ Php Version4.0.6

Php ≫ Php Version4.0.7

Php ≫ Php Version4.1.0

Php ≫ Php Version4.1.1

Php ≫ Php Version4.1.2

Php ≫ Php Version4.2.0

Php ≫ Php Version4.2.1

Php ≫ Php Version4.2.2

Php ≫ Php Version4.2.3

Php ≫ Php Version4.3.0

Php ≫ Php Version4.3.1

Php ≫ Php Version4.3.2

Php ≫ Php Version4.3.3

Php ≫ Php Version4.3.5

Php ≫ Php Version4.3.6

Php ≫ Php Version4.3.7

Php ≫ Php Version5.0 Updaterc1

Php ≫ Php Version5.0 Updaterc2

Php ≫ Php Version5.0 Updaterc3

Avaya ≫ S8300 Versionr2.0.0

Avaya ≫ S8300 Versionr2.0.1

Avaya ≫ S8500 Versionr2.0.0

Avaya ≫ S8500 Versionr2.0.1

Avaya ≫ S8700 Versionr2.0.0

Avaya ≫ S8700 Versionr2.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	54.88%	0.98

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://www.redhat.com/support/errata/RHSA-2005-816.html

http://www.redhat.com/support/errata/RHSA-2004-405.html

http://marc.info/?l=bugtraq&m=109181600614477&w=2

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847

http://marc.info/?l=bugtraq&m=108981780109154&w=2

http://marc.info/?l=bugtraq&m=108982983426031&w=2

http://marc.info/?l=bugtraq&m=109051444105182&w=2

http://www.debian.org/security/2004/dsa-531

Patch

Vendor Advisory

http://www.debian.org/security/2005/dsa-669

http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068

http://www.novell.com/linux/security/advisories/2004_21_php4.html

http://www.redhat.com/support/errata/RHSA-2004-392.html

http://www.redhat.com/support/errata/RHSA-2004-395.html

http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html

http://www.securityfocus.com/bid/10724

Patch

Vendor Advisory

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/16692

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619

https://nvd.nist.gov/vuln/detail/CVE-2004-0595

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0595

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0595

EUVD