CVE-2004-0595

Current Description

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

Basic Data

Published: July 27, 2004
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
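    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Hardware | Avaya | Converged Communications Server | 2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Fedora Core | core_1.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Fedora Core | core_2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Trustix | Secure Linux | 1.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Trustix | Secure Linux | 2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Trustix | Secure Linux | 2.1 | * | * | * | * | * | * | * | | | | |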
  • OR - Configuration 2
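    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Avaya | Integrated Management | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.0.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.0.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.0.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.0.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.0.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.1.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.1.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.2.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.2.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.3.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.3.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.3.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.3.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.3.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 4.3.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 5.0 | rc1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 5.0 | rc2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Php | Php | 5.0 | rc3 | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Avaya | S8300 | r2.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Avaya | S8300 | r2.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Avaya | S8500 | r2.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Avaya | S8500 | r2.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Avaya | S8700 | r2.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Avaya | S8700 | r2.0.1 | * | * | * | * | * | * | * | | | | |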

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Avaya | S8300 | r2.0.0, r2.0.1 |
| Avaya | S8500 | r2.0.0, r2.0.1 |
| Avaya | Integrated Management | * |
| Avaya | S8700 | r2.0.0, r2.0.1 |
| Avaya | Converged Communications Server | 2.0 |
| Redhat | Fedora Core | core_1.0, core_2.0 |
| Php | Php | 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.5, 4.3.6, 4.3.7, 5.0 |
| Trustix | Secure Linux | 1.5, 2.0, 2.1 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| CLA-2004:847 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847 | |
| 20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability | FULLDISC | http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html | |
| 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability | BUGTRAQ | http://marc.info/?l=bugtraq&m=108981780109154&w=2 | |
| 20040714 TSSA-2004-013 - php | BUGTRAQ | http://marc.info/?l=bugtraq&m=108982983426031&w=2 | |
| 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) | BUGTRAQ | http://marc.info/?l=bugtraq&m=109051444105182&w=2 | |
| SSRT4777 | HP | http://marc.info/?l=bugtraq&m=109181600614477&w=2 | |
| DSA-531 | DEBIAN | http://www.debian.org/security/2004/dsa-531 | PATCH, Vendor Advisory |
| DSA-669 | DEBIAN | http://www.debian.org/security/2005/dsa-669 | |
| GLSA-200407-13 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml | |
| MDKSA-2004:068 | MANDRAKE | http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068 | |
| SUSE-SA:2004:021 | SUSE | http://www.novell.com/linux/security/advisories/2004_21_php4.html | |
| RHSA-2004:392 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-392.html | |
| RHSA-2004:395 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-395.html | |
| RHSA-2004:405 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-405.html | |
| RHSA-2005:816 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-816.html | |
| 10724 | BID | http://www.securityfocus.com/bid/10724 | Exploit, PATCH, Vendor Advisory |
| php-strip-tag-bypass(16692) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/16692 | |
| oval:org.mitre.oval:def:10619 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619 | |