Vulnerability CVE-2004-0595 - CERT Civis.Net

Vulnerability Name:

CVE-2004-0595 (CCN-16692)

Assigned:

2004-07-14

Published:

2004-07-14

Updated:

2018-10-30

Summary:

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: Full-Disclosure Mailing List, Tue Jul 13 2004 - 17:55:25 CDT
PHP strip_tags() bypass vulnerability

Source: MITRE
Type: CNA
CVE-2004-0595

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:847

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:847
Remote arbitrary code execution vulnerabilities and other

Source: FULLDISC
Type: UNKNOWN
20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20040713 Advisory 11/2004: PHP memory_limit remote vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20040714 TSSA-2004-013 - php

Source: BUGTRAQ
Type: UNKNOWN
20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)

Source: HP
Type: UNKNOWN
SSRT4777

Source: CCN
Type: RHSA-2004-392
php security update

Source: CCN
Type: RHSA-2004-395
php security update

Source: CCN
Type: RHSA-2005-816
apache

Source: CCN
Type: Slackware Security Advisories Tue, 20 Jul 2004 23:21:16 -0700 (PDT)
[slackware-security] PHP (SSA:2004-202-01)

Source: CCN
Type: CIAC Information Bulletin 0-184
PHP memory_limit and strip_tags Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin P-116
Apple Security Update 2005-001 for Mac OS X

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-531

Source: DEBIAN
Type: UNKNOWN
DSA-669

Source: DEBIAN
Type: DSA-531
php4 -- several vulnerabilities

Source: DEBIAN
Type: DSA-669
php3 -- several vulnerabilities

Source: CCN
Type: GLSA-200407-13
PHP: Multiple security vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200407-13

Source: CCN
Type: ematter Security Advisory 2004/07/14
PHP strip_tags() bypass vulnerability

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:068

Source: SUSE
Type: UNKNOWN
SUSE-SA:2004:021

Source: CCN
Type: OpenPKG-SA-2004.034
PHP

Source: CCN
Type: PHP Web site
PHP:Hypertext Preprocessor

Source: REDHAT
Type: UNKNOWN
RHSA-2004:392

Source: REDHAT
Type: UNKNOWN
RHSA-2004:395

Source: REDHAT
Type: UNKNOWN
RHSA-2004:405

Source: REDHAT
Type: UNKNOWN
RHSA-2005:816

Source: BID
Type: Exploit, Patch, Vendor Advisory
10724

Source: CCN
Type: BID-10724
PHP Strip_Tags() Function Bypass Vulnerability

Source: CCN
Type: TLSA-2004-23
Non-filtering of null characters allows processing of dangerous tags

Source: XF
Type: UNKNOWN
php-strip-tag-bypass(16692)

Source: XF
Type: UNKNOWN
php-strip-tag-bypass(16692)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10619

Source: SUSE
Type: SUSE-SA:2004:021
php4 / mod_php4: remote code execution

Vulnerable Configuration:

Configuration 1:

cpe:/h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*

OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*

OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*

OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:avaya:integrated_management:*:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0:rc3:*:*:*:*:*:*

OR cpe:/h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*

OR cpe:/h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*

OR cpe:/h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*

OR cpe:/h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*

OR cpe:/h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*

OR cpe:/h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:rc2:*:*:*:*:*:*

AND

cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:stronghold:*:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*

OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.23:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:10619	V	The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.	2013-04-29
oval:org.debian:def:669	V	several vulnerabilities	2005-02-07
oval:org.debian:def:531	V	several vulnerabilities	2004-07-20
oval:com.redhat.rhsa:def:20040392	P	RHSA-2004:392: php security update (Important)	2004-07-19