Vulnerability CVE-2007-1454

Vulnerability Name:

CVE-2007-1454 (CCN-33229)

Assigned:

2007-03-11

Published:

2007-03-11

Updated:

2008-09-05

Summary:

ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.

CVSS v3 Severity:

4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2007-1454

Source: SECUNIA
Type: UNKNOWN
25056

Source: SECUNIA
Type: UNKNOWN
25062

Source: DEBIAN
Type: UNKNOWN
DSA-1283

Source: DEBIAN
Type: DSA-1283
php5 -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:090

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:032

Source: CCN
Type: OSVDB ID: 33932
PHP ext/filter HTML Tag Stripping Bypass

Source: CCN
Type: MOPB-18-2007
PHP ext/filter HTML Tag Stripping Bypass Vulnerability

Source: MISC
Type: UNKNOWN
http://www.php-security.org/MOPB/MOPB-18-2007.html

Source: CCN
Type: PHP Web site
PHP: Hypertext Preprocessor

Source: BID
Type: UNKNOWN
22914

Source: CCN
Type: BID-22914
PHP EXT/Filter HTML Stripping Bypass Vulnerability

Source: XF
Type: UNKNOWN
php-tagstripping-security-bypass(33229)

Source: SUSE
Type: SUSE-SA:2007:032
PHP security problems

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:19944	P	DSA-1283-1 php5	2014-06-23
oval:org.opensuse.security:def:20071454	V	CVE-2007-1454	2012-07-03
oval:org.debian:def:1283	V	several vulnerabilities	2007-04-29

BACK