The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Nov 2024, 23:48
Type | Values Removed | Values Added |
---|---|---|
References | () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847 - | |
References | () http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html - | |
References | () http://marc.info/?l=bugtraq&m=108981780109154&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=108982983426031&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=109051444105182&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=109181600614477&w=2 - | |
References | () http://www.debian.org/security/2004/dsa-531 - Patch, Vendor Advisory | |
References | () http://www.debian.org/security/2005/dsa-669 - | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml - | |
References | () http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068 - | |
References | () http://www.novell.com/linux/security/advisories/2004_21_php4.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2004-392.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2004-395.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2004-405.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2005-816.html - | |
References | () http://www.securityfocus.com/bid/10724 - Exploit, Patch, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/16692 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619 - |
Information
Published : 2004-07-27 04:00
Updated : 2024-11-20 23:48
NVD link : CVE-2004-0595
Mitre link : CVE-2004-0595
CVE.ORG link : CVE-2004-0595
JSON object : View
Products Affected
php
- php
redhat
- fedora_core
avaya
- s8500
- s8300
- integrated_management
- s8700
- converged_communications_server
trustix
- secure_linux
CWE