CVE-2004-0595
Published 2004-07-27
Priority: P428 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 45.16% (98.6th percentile)
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avaya | converged_communications_server | — | — |
| avaya | s8300 | — | — |
| avaya | s8300 | — | — |
| avaya | s8500 | — | — |
| avaya | s8500 | — | — |
| avaya | s8700 | — | — |
| avaya | s8700 | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvd·v2.0·6.8 MEDIUM·AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat·6.8 MEDIUM
Red Hat
security flaw
vendor_redhat·2004-07-14·CVSS 6.8
GHSA
GHSA-h8wj-59vf-r37g: The strip_tags function in PHP 4
ghsa_unreviewed·2022-04-29
No detection rules found.
Bugzilla
CVE-2004-0595 security flaw
bugzilla·2018-08-16·CVSS 6.8
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
Bugzilla
CVE-2004-0595 PHP flaws (CVE-2004-0594 CVE-2004-1018 CVE-2004-1019)
bugzilla·2005-10-25·CVSS 5.1
Multiple flaws in Stronghold 4.0 PHP
A flaw in the strip_tags function in PHP, commonly used by PHP scripts to
prevent cross-site scripting attacks by removing HTML tags from
user-supplied form data. HTML tags can, in some cases, be passed intact
through the strip_tags function, which may allow a cross-site scripting
attack. (CVE-2004-0595)
A flaw if the memory_limit configuration setting is enabled in PHP. If a
remote attacker could force the PHP interpreter to allocate more memory
than the memory_limit setting before script execution begins, then the
attacker may be able to supply the contents of a PHP hash table remotely.
This hash table could then be used to execute arbitrary code in the context
of the server. (CVE-
CWE
CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages
mitre_cwe
The product does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.
Some web browsers may remove these sequences, resulting in output that may have unintended control implications. For example, the product may attempt to remove a "javascript:" URI scheme, but a "java%00script:" URI may bypass this check and still be rendered as active javascript by some browsers, allowing XSS or other attacks.
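The check described above, as an added PHP example that is not part of the CWE entry, the advisory or PHP itself: a literal scheme test next to a version that canonicalizes before filtering, with the same step applied ahead of `strip_tags`. The function names, the scheme allowlist and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (not from the advisory): canonicalize first, then filter.

// Bytes that some browsers drop inside a URI scheme: C0 controls and DEL.
const URL_IGNORED = '/[\x00-\x1F\x7F]/';
// For markup keep tab, LF and CR, which are legitimate in text.
const HTML_IGNORED = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/';
// Assumed policy: schemes permitted in user-supplied links.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

/** Check of the kind CWE-86 warns about: tests for the literal scheme only. */
function naive_is_safe_url(string $url): bool
{
    return stripos($url, 'javascript:') !== 0;
}

/** Decode once, drop ignorable bytes, then allowlist the scheme. */
function is_safe_url(string $url): bool
{
    $canon = preg_replace(URL_IGNORED, '', rawurldecode($url));
    if ($canon === null) {
        return false; // PCRE error: fail closed
    }
    $canon = ltrim($canon);
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $canon, $m)) {
        return true; // no scheme: relative URL
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
}

/** Same idea for markup: drop ignorable bytes before the tag allowlist runs. */
function strip_tags_canonical(string $html, string $allowed): string
{
    $clean = preg_replace(HTML_IGNORED, '', $html);
    return $clean === null ? '' : strip_tags($clean, $allowed);
}

// Constructed sample inputs.
$url = 'java%00script:void(0)';
var_dump(naive_is_safe_url($url));   // literal test misses the encoded NUL
var_dump(is_safe_url($url));
var_dump(is_safe_url('https://example.com/'));
var_dump(strip_tags_canonical("<b>hi</b><s\0cript>x</s\0cript>", '<b>'));
```

Output that reaches an HTML attribute or body still needs context-appropriate escaping; the canonicalization step only ensures the filter and the browser see the same identifier.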
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Integrity, Availability. Impact: Read Application Data, Execute Unauthorized Code or Commands.
Detection Methods:
Automated Static Ana
CWE
CWE-184: Incomplete List of Disallowed Inputs
mitre_cwe
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
Modes of Introduction:
Phase: Implementation
Note: Developers often try to protect their products against malicious input by checking against lists of known bad inputs, such as special characters that can invoke new commands. However, such lists often only address the most well-known bad inputs. As a quick fix, developers might rely on these lists instead of addressing the root cause of the issue. See [REF-141].
Phase: Architecture and Design
Note: The design might rely solely on detection of m