VDB
CVE-2004-0595
CVE-2004-0595
PUBLISHED
Reported by mitre · Published July 16, 2004
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a, n/a |
Exploit Intelligence
- http://www.securityfocus.com/bid/10724 (vulncheck-nvd)
Timeline
- Jul 16, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jun 23, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- CLA-2004:847 vendor-advisoryx_refsource_CONECTIVA
- 20040714 TSSA-2004-013 - php mailing-listx_refsource_BUGTRAQ
- DSA-669 vendor-advisoryx_refsource_DEBIAN
- oval:org.mitre.oval:def:10619 vdb-entrysignaturex_refsource_OVAL
- RHSA-2004:395 vendor-advisoryx_refsource_REDHAT
- RHSA-2004:405 vendor-advisoryx_refsource_REDHAT
- RHSA-2004:392 vendor-advisoryx_refsource_REDHAT
- DSA-531 vendor-advisoryx_refsource_DEBIAN
- SUSE-SA:2004:021 vendor-advisoryx_refsource_SUSE
- MDKSA-2004:068 vendor-advisoryx_refsource_MANDRAKE
- php-strip-tag-bypass(16692) vdb-entryx_refsource_XF
- RHSA-2005:816 vendor-advisoryx_refsource_REDHAT
- SSRT4777 vendor-advisoryx_refsource_HP
- 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) mailing-listx_refsource_BUGTRAQ
- 10724 vdb-entryx_refsource_BID
- 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability mailing-listx_refsource_BUGTRAQ
- GLSA-200407-13 vendor-advisoryx_refsource_GENTOO
- 20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability mailing-listx_refsource_FULLDISC