NVD Vulnerability Detail

CVE-2004-0595

Summary	The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
Publication Date	July 27, 2004, 1 p.m.
Registration Date	Jan. 29, 2021, 6 p.m.
Last Update	Oct. 31, 2018, 1:25 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:avaya:converged_communications_server:2.0:::::::*
cpe:2.3:o:redhat:fedora_core:core_1.0:::::::*
cpe:2.3:o:redhat:fedora_core:core_2.0:::::::*
cpe:2.3:o:trustix:secure_linux:1.5:::::::*
cpe:2.3:o:trustix:secure_linux:2.0:::::::*
cpe:2.3:o:trustix:secure_linux:2.1:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:avaya:integrated_management::::::::
cpe:2.3:a:php:php:4.0:::::::*
cpe:2.3:a:php:php:4.0.1:::::::*
cpe:2.3:a:php:php:4.0.2:::::::*
cpe:2.3:a:php:php:4.0.3:::::::*
cpe:2.3:a:php:php:4.0.4:::::::*
cpe:2.3:a:php:php:4.0.5:::::::*
cpe:2.3:a:php:php:4.0.6:::::::*
cpe:2.3:a:php:php:4.0.7:::::::*
cpe:2.3:a:php:php:4.1.0:::::::*
cpe:2.3:a:php:php:4.1.1:::::::*
cpe:2.3:a:php:php:4.1.2:::::::*
cpe:2.3:a:php:php:4.2.0:::::::*
cpe:2.3:a:php:php:4.2.1:::::::*
cpe:2.3:a:php:php:4.2.2:::::::*
cpe:2.3:a:php:php:4.2.3:::::::*
cpe:2.3:a:php:php:4.3.0:::::::*
cpe:2.3:a:php:php:4.3.1:::::::*
cpe:2.3:a:php:php:4.3.2:::::::*
cpe:2.3:a:php:php:4.3.3:::::::*
cpe:2.3:a:php:php:4.3.5:::::::*
cpe:2.3:a:php:php:4.3.6:::::::*
cpe:2.3:a:php:php:4.3.7:::::::*
cpe:2.3:a:php:php:5.0:rc1::::::
cpe:2.3:a:php:php:5.0:rc2::::::
cpe:2.3:a:php:php:5.0:rc3::::::
cpe:2.3:h:avaya:s8300:r2.0.0:::::::*
cpe:2.3:h:avaya:s8300:r2.0.1:::::::*
cpe:2.3:h:avaya:s8500:r2.0.0:::::::*
cpe:2.3:h:avaya:s8500:r2.0.1:::::::*
cpe:2.3:h:avaya:s8700:r2.0.0:::::::*
cpe:2.3:h:avaya:s8700:r2.0.1:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847	CONECTIVA
2	http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html	FULLDISC
3	http://marc.info/?l=bugtraq&m=108981780109154&w=2	BUGTRAQ
4	http://marc.info/?l=bugtraq&m=108982983426031&w=2	BUGTRAQ
5	http://marc.info/?l=bugtraq&m=109051444105182&w=2	BUGTRAQ
6	http://marc.info/?l=bugtraq&m=109181600614477&w=2	HP
7	http://www.debian.org/security/2004/dsa-531	DEBIAN	Patch Vendor Advisory
8	http://www.debian.org/security/2005/dsa-669	DEBIAN
9	http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml	GENTOO
10	http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068	MANDRAKE
11	http://www.novell.com/linux/security/advisories/2004_21_php4.html	SUSE
12	http://www.redhat.com/support/errata/RHSA-2004-392.html	REDHAT
13	http://www.redhat.com/support/errata/RHSA-2004-395.html	REDHAT
14	http://www.redhat.com/support/errata/RHSA-2004-405.html	REDHAT
15	http://www.redhat.com/support/errata/RHSA-2005-816.html	REDHAT
16	http://www.securityfocus.com/bid/10724	BID	Exploit Patch Vendor Advisory
17	https://exchange.xforce.ibmcloud.com/vulnerabilities/16692	XF
18	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619	OVAL

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:avaya:converged_communications_server:2.0:::::::*
cpe:2.3:o:redhat:fedora_core:core_1.0:::::::*
cpe:2.3:o:redhat:fedora_core:core_2.0:::::::*
cpe:2.3:o:trustix:secure_linux:1.5:::::::*
cpe:2.3:o:trustix:secure_linux:2.0:::::::*
cpe:2.3:o:trustix:secure_linux:2.1:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:avaya:integrated_management::::::::
cpe:2.3:a:php:php:4.0:::::::*
cpe:2.3:a:php:php:4.0.1:::::::*
cpe:2.3:a:php:php:4.0.2:::::::*
cpe:2.3:a:php:php:4.0.3:::::::*
cpe:2.3:a:php:php:4.0.4:::::::*
cpe:2.3:a:php:php:4.0.5:::::::*
cpe:2.3:a:php:php:4.0.6:::::::*
cpe:2.3:a:php:php:4.0.7:::::::*
cpe:2.3:a:php:php:4.1.0:::::::*
cpe:2.3:a:php:php:4.1.1:::::::*
cpe:2.3:a:php:php:4.1.2:::::::*
cpe:2.3:a:php:php:4.2.0:::::::*
cpe:2.3:a:php:php:4.2.1:::::::*
cpe:2.3:a:php:php:4.2.2:::::::*
cpe:2.3:a:php:php:4.2.3:::::::*
cpe:2.3:a:php:php:4.3.0:::::::*
cpe:2.3:a:php:php:4.3.1:::::::*
cpe:2.3:a:php:php:4.3.2:::::::*
cpe:2.3:a:php:php:4.3.3:::::::*
cpe:2.3:a:php:php:4.3.5:::::::*
cpe:2.3:a:php:php:4.3.6:::::::*
cpe:2.3:a:php:php:4.3.7:::::::*
cpe:2.3:a:php:php:5.0:rc1::::::
cpe:2.3:a:php:php:5.0:rc2::::::
cpe:2.3:a:php:php:5.0:rc3::::::
cpe:2.3:h:avaya:s8300:r2.0.0:::::::*
cpe:2.3:h:avaya:s8300:r2.0.1:::::::*
cpe:2.3:h:avaya:s8500:r2.0.0:::::::*
cpe:2.3:h:avaya:s8500:r2.0.1:::::::*
cpe:2.3:h:avaya:s8700:r2.0.0:::::::*
cpe:2.3:h:avaya:s8700:r2.0.1:::::::*