CVE-2004-0595 - Vulnerability Details

Vendors	Products
Avaya	Converged Communications Server Integrated Management S8300 S8500 S8700
Php	Php
Redhat	Enterprise Linux Fedora Core Rhel Stronghold Stronghold
Trustix	Secure Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
php-0:4.3.2-11.1.ent	cpe:/o:redhat:enterprise_linux:3	RHSA-2004:392	2004-07-19T00:00:00Z
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2004:395	2004-07-19T00:00:00Z
Red Hat Enterprise Linux ES version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2004:395	2004-07-19T00:00:00Z
Red Hat Enterprise Linux WS version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2004:395	2004-07-19T00:00:00Z
Red Hat Linux Advanced Workstation 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2004:395	2004-07-19T00:00:00Z
Red Hat Stronghold 4
	cpe:/a:redhat:stronghold:4	RHSA-2004:405	2004-07-23T00:00:00Z
Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)
	cpe:/a:redhat:rhel_stronghold:4.0	RHSA-2005:816	2005-11-02T00:00:00Z

Link	Providers
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html
http://marc.info/?l=bugtraq&m=108981780109154&w=2
http://marc.info/?l=bugtraq&m=108982983426031&w=2
http://marc.info/?l=bugtraq&m=109051444105182&w=2
http://marc.info/?l=bugtraq&m=109181600614477&w=2
http://www.debian.org/security/2004/dsa-531
http://www.debian.org/security/2005/dsa-669
http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068
http://www.novell.com/linux/security/advisories/2004_21_php4.html
http://www.redhat.com/support/errata/RHSA-2004-392.html
http://www.redhat.com/support/errata/RHSA-2004-395.html
http://www.redhat.com/support/errata/RHSA-2004-405.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
http://www.securityfocus.com/bid/10724
https://exchange.xforce.ibmcloud.com/vulnerabilities/16692
https://nvd.nist.gov/vuln/detail/CVE-2004-0595
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619
https://www.cve.org/CVERecord?id=CVE-2004-0595

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-07-14T00:00:00", "descriptions": [{"lang": "en", "value": "The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "CLA-2004:847", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847"}, {"name": "20040714 TSSA-2004-013 - php", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108982983426031&w=2"}, {"name": "DSA-669", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-669"}, {"name": "oval:org.mitre.oval:def:10619", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619"}, {"name": "RHSA-2004:395", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-395.html"}, {"name": "RHSA-2004:405", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"}, {"name": "RHSA-2004:392", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-392.html"}, {"name": "DSA-531", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2004/dsa-531"}, {"name": "SUSE-SA:2004:021", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2004_21_php4.html"}, {"name": "MDKSA-2004:068", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068"}, {"name": "php-strip-tag-bypass(16692)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16692"}, {"name": "RHSA-2005:816", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html"}, {"name": "SSRT4777", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=109181600614477&w=2"}, {"name": "20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=109051444105182&w=2"}, {"name": "10724", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10724"}, {"name": "20040713 Advisory 11/2004: PHP memory_limit remote vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108981780109154&w=2"}, {"name": "GLSA-200407-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml"}, {"name": "20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0595", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "CLA-2004:847", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847"}, {"name": "20040714 TSSA-2004-013 - php", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108982983426031&w=2"}, {"name": "DSA-669", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-669"}, {"name": "oval:org.mitre.oval:def:10619", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619"}, {"name": "RHSA-2004:395", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-395.html"}, {"name": "RHSA-2004:405", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"}, {"name": "RHSA-2004:392", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-392.html"}, {"name": "DSA-531", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-531"}, {"name": "SUSE-SA:2004:021", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_21_php4.html"}, {"name": "MDKSA-2004:068", "refsource": "MANDRAKE", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068"}, {"name": "php-strip-tag-bypass(16692)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16692"}, {"name": "RHSA-2005:816", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html"}, {"name": "SSRT4777", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=109181600614477&w=2"}, {"name": "20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=109051444105182&w=2"}, {"name": "10724", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10724"}, {"name": "20040713 Advisory 11/2004: PHP memory_limit remote vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108981780109154&w=2"}, {"name": "GLSA-200407-13", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml"}, {"name": "20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:24:26.176Z"}, "title": "CVE Program Container", "references": [{"name": "CLA-2004:847", "tags": ["vendor-advisory", "x_refsource_CONECTIVA", "x_transferred"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847"}, {"name": "20040714 TSSA-2004-013 - php", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108982983426031&w=2"}, {"name": "DSA-669", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2005/dsa-669"}, {"name": "oval:org.mitre.oval:def:10619", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619"}, {"name": "RHSA-2004:395", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2004-395.html"}, {"name": "RHSA-2004:405", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"}, {"name": "RHSA-2004:392", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2004-392.html"}, {"name": "DSA-531", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2004/dsa-531"}, {"name": "SUSE-SA:2004:021", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2004_21_php4.html"}, {"name": "MDKSA-2004:068", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068"}, {"name": "php-strip-tag-bypass(16692)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16692"}, {"name": "RHSA-2005:816", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html"}, {"name": "SSRT4777", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=109181600614477&w=2"}, {"name": "20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=109051444105182&w=2"}, {"name": "10724", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10724"}, {"name": "20040713 Advisory 11/2004: PHP memory_limit remote vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108981780109154&w=2"}, {"name": "GLSA-200407-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml"}, {"name": "20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0595", "datePublished": "2004-07-16T04:00:00", "dateReserved": "2004-06-23T00:00:00", "dateUpdated": "2024-08-08T00:24:26.176Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2004-07-14T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-10-10T00:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : CLA-2004:847 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CONECTIVA (string)

]

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847 (string)

}

1 : { »

name : 20040714 TSSA-2004-013 - php (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://marc.info/?l=bugtraq&m=108982983426031&w=2 (string)

}

2 : { »

name : DSA-669 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2005/dsa-669 (string)

}

3 : { »

name : oval:org.mitre.oval:def:10619 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619 (string)

}

4 : { »

name : RHSA-2004:395 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2004-395.html (string)

}

5 : { »

name : RHSA-2004:405 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2004-405.html (string)

}

6 : { »

name : RHSA-2004:392 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2004-392.html (string)

}

7 : { »

name : DSA-531 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2004/dsa-531 (string)

}

8 : { »

name : SUSE-SA:2004:021 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://www.novell.com/linux/security/advisories/2004_21_php4.html (string)

}

9 : { »

name : MDKSA-2004:068 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRAKE (string)

]

url : http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068 (string)

}

10 : { »

name : php-strip-tag-bypass(16692) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/16692 (string)

}

11 : { »

name : RHSA-2005:816 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2005-816.html (string)

}

12 : { »

name : SSRT4777 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://marc.info/?l=bugtraq&m=109181600614477&w=2 (string)

}

13 : { »

name : 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://marc.info/?l=bugtraq&m=109051444105182&w=2 (string)

}

14 : { »

name : 10724 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/10724 (string)

}

15 : { »

name : 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://marc.info/?l=bugtraq&m=108981780109154&w=2 (string)

}

16 : { »

name : GLSA-200407-13 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml (string)

}

17 : { »

name : 20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

]

url : http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2004-0595 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : CLA-2004:847 (string)

refsource : CONECTIVA (string)

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847 (string)

}

1 : { »

name : 20040714 TSSA-2004-013 - php (string)

refsource : BUGTRAQ (string)

url : http://marc.info/?l=bugtraq&m=108982983426031&w=2 (string)

}

2 : { »

name : DSA-669 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2005/dsa-669 (string)

}

3 : { »

name : oval:org.mitre.oval:def:10619 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619 (string)

}

4 : { »

name : RHSA-2004:395 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2004-395.html (string)

}

5 : { »

name : RHSA-2004:405 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2004-405.html (string)

}

6 : { »

name : RHSA-2004:392 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2004-392.html (string)

}

7 : { »

name : DSA-531 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2004/dsa-531 (string)

}

8 : { »

name : SUSE-SA:2004:021 (string)

refsource : SUSE (string)

url : http://www.novell.com/linux/security/advisories/2004_21_php4.html (string)

}

9 : { »

name : MDKSA-2004:068 (string)

refsource : MANDRAKE (string)

url : http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068 (string)

}

10 : { »

name : php-strip-tag-bypass(16692) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/16692 (string)

}

11 : { »

name : RHSA-2005:816 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2005-816.html (string)

}

12 : { »

name : SSRT4777 (string)

refsource : HP (string)

url : http://marc.info/?l=bugtraq&m=109181600614477&w=2 (string)

}

13 : { »

name : 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) (string)

refsource : BUGTRAQ (string)

url : http://marc.info/?l=bugtraq&m=109051444105182&w=2 (string)

}

14 : { »

name : 10724 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/10724 (string)

}

15 : { »

name : 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability (string)

refsource : BUGTRAQ (string)

url : http://marc.info/?l=bugtraq&m=108981780109154&w=2 (string)

}

16 : { »

name : GLSA-200407-13 (string)

refsource : GENTOO (string)

url : http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml (string)

}

17 : { »

name : 20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability (string)

refsource : FULLDISC (string)

url : http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-08T00:24:26.176Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : CLA-2004:847 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CONECTIVA (string)

2 : x_transferred (string)

]

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847 (string)

}

1 : { »

name : 20040714 TSSA-2004-013 - php (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=108982983426031&w=2 (string)

}

2 : { »

name : DSA-669 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2005/dsa-669 (string)

}

3 : { »

name : oval:org.mitre.oval:def:10619 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619 (string)

}

4 : { »

name : RHSA-2004:395 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2004-395.html (string)

}

5 : { »

name : RHSA-2004:405 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2004-405.html (string)

}

6 : { »

name : RHSA-2004:392 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2004-392.html (string)

}

7 : { »

name : DSA-531 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2004/dsa-531 (string)

}

8 : { »

name : SUSE-SA:2004:021 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://www.novell.com/linux/security/advisories/2004_21_php4.html (string)

}

9 : { »

name : MDKSA-2004:068 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRAKE (string)

2 : x_transferred (string)

]

url : http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068 (string)

}

10 : { »

name : php-strip-tag-bypass(16692) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/16692 (string)

}

11 : { »

name : RHSA-2005:816 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2005-816.html (string)

}

12 : { »

name : SSRT4777 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=109181600614477&w=2 (string)

}

13 : { »

name : 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=109051444105182&w=2 (string)

}

14 : { »

name : 10724 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/10724 (string)

}

15 : { »

name : 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=108981780109154&w=2 (string)

}

16 : { »

name : GLSA-200407-13 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml (string)

}

17 : { »

name : 20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

2 : x_transferred (string)

]

url : http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2004-0595 (string)

datePublished : 2004-07-16T04:00:00 (string)

dateReserved : 2004-06-23T00:00:00 (string)

dateUpdated : 2024-08-08T00:24:26.176Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E586558A-ABC3-42EB-8B4D-DC92A0D695E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84296C-2C8A-4DCD-9751-52951F8BEA9F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B", "vulnerable": true}, {"criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD", "vulnerable": true}, {"criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA", "vulnerable": true}, {"criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avaya:integrated_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "D12D6986-429E-4152-A6E5-4CC1FB9556D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EDBEC461-D553-41B7-8D85-20B6A933C21C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78BAA18C-E5A0-4210-B64B-709BBFF31EEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "13A159B4-B847-47DE-B7F8-89384E6C551B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "57B59616-A309-40B4-94B1-50A7BC00E35C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F39A1B1-416E-4436-8007-733B66904A14", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E5F96-66D2-4F99-A74D-6A2305EE218E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "2D724D09-0D45-4701-93C9-348301217C8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6713614A-B14E-4A85-BF89-ED780068FC68", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD95F8EB-B428-4B3C-9254-A5DECE03A989", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "069EB7EE-06B9-454F-9007-8DE5DCA33C53", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "18BF5BE6-09EA-45AD-93BF-2BEF1742534E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC1460DF-1687-4314-BF1A-01290B20302D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "470380B0-3982-48FC-871B-C8B43C81900D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "63190D9B-7958-4B93-87C6-E7D5A572F6DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4AAF4586-74FF-47C6-864B-656FDF3F33D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "5652D5B0-68E4-4239-B9B7-599AFCF4C53E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "57B71BB7-5239-4860-9100-8CABC3992D8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "72BD447A-4EED-482C-8F61-48FAD4FCF8BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F9D7662-A5B6-41D0-B6A1-E5ABC5ABA47F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E3797AB5-9E49-4251-A212-B6E5D9996764", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D61D9CE9-F7A3-4F52-9D4E-B2473804ECB7", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "20C0BD87-CE4B-49D2-89BE-EF282C43AD72", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3E6C4A8-59F4-43EE-8413-E95289037598", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE76357A-27E6-4D85-9AA0-1BB658C41568", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C56C5FDB-24E2-479D-87CA-164CD28567D3", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities."}, {"lang": "es", "value": "La funci\u00f3n strip_tags en PHP 4.x hasta 4.3.7, y 5.x hasta 5.0.0RC3, no filtra caract\u00e9res null() dentro de nombreres de etiquetas cuanto se restringe la entrada a etiquetas permitidas, lo que permite que etiquetas peligrosas sean procesadas por navegadores como Internet Explorer y Safari, que ignoran caract\u00e9res nulos y facilita la explotaci\u00f3n de vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)."}], "id": "CVE-2004-0595", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-07-27T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847"}, {"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108981780109154&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108982983426031&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=109051444105182&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=109181600614477&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2004/dsa-531"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-669"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml"}, {"source": "cve@mitre.org", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_21_php4.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-392.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-395.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10724"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16692"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=108981780109154&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=108982983426031&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=109051444105182&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=109181600614477&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2004/dsa-531"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_21_php4.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-392.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-395.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10724"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16692"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E586558A-ABC3-42EB-8B4D-DC92A0D695E6 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 3C84296C-2C8A-4DCD-9751-52951F8BEA9F (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E6996B14-925B-46B8-982F-3545328B506B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 39605B96-BAD6-45C9-BB9A-43D6E2C51ADD (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A67735E5-E43E-4164-BDB2-ADC6E0288E9F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:avaya:integrated_management:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D12D6986-429E-4152-A6E5-4CC1FB9556D3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EDBEC461-D553-41B7-8D85-20B6A933C21C (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 78BAA18C-E5A0-4210-B64B-709BBFF31EEC (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 13A159B4-B847-47DE-B7F8-89384E6C551B (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 57B59616-A309-40B4-94B1-50A7BC00E35C (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 0F39A1B1-416E-4436-8007-733B66904A14 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:* (string)

matchCriteriaId : FC2E5F96-66D2-4F99-A74D-6A2305EE218E (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 2D724D09-0D45-4701-93C9-348301217C8C (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6713614A-B14E-4A85-BF89-ED780068FC68 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : FD95F8EB-B428-4B3C-9254-A5DECE03A989 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 069EB7EE-06B9-454F-9007-8DE5DCA33C53 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 18BF5BE6-09EA-45AD-93BF-2BEF1742534E (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : EC1460DF-1687-4314-BF1A-01290B20302D (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 470380B0-3982-48FC-871B-C8B43C81900D (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 63190D9B-7958-4B93-87C6-E7D5A572F6DC (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 4AAF4586-74FF-47C6-864B-656FDF3F33D0 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 5652D5B0-68E4-4239-B9B7-599AFCF4C53E (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 57B71BB7-5239-4860-9100-8CABC3992D8C (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 72BD447A-4EED-482C-8F61-48FAD4FCF8BA (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 0F9D7662-A5B6-41D0-B6A1-E5ABC5ABA47F (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:* (string)

matchCriteriaId : E3797AB5-9E49-4251-A212-B6E5D9996764 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:* (string)

matchCriteriaId : D61D9CE9-F7A3-4F52-9D4E-B2473804ECB7 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 20C0BD87-CE4B-49D2-89BE-EF282C43AD72 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : C3E6C4A8-59F4-43EE-8413-E95289037598 (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : FE76357A-27E6-4D85-9AA0-1BB658C41568 (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : C56C5FDB-24E2-479D-87CA-164CD28567D3 (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : D982AE39-BB57-49E7-B5FE-5EF1ADE2F019 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. (string)

}

1 : { »

lang : es (string)

value : La función strip_tags en PHP 4.x hasta 4.3.7, y 5.x hasta 5.0.0RC3, no filtra caractéres null() dentro de nombreres de etiquetas cuanto se restringe la entrada a etiquetas permitidas, lo que permite que etiquetas peligrosas sean procesadas por navegadores como Internet Explorer y Safari, que ignoran caractéres nulos y facilita la explotación de vulnerabilidades de secuencias de comandos en sitios cruzados (XSS). (string)

}

]

id : CVE-2004-0595 (string)

lastModified : 2025-04-03T01:03:51.193 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : true (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2004-07-27T04:00:00.000 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847 (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://marc.info/?l=bugtraq&m=108981780109154&w=2 (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://marc.info/?l=bugtraq&m=108982983426031&w=2 (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://marc.info/?l=bugtraq&m=109051444105182&w=2 (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://marc.info/?l=bugtraq&m=109181600614477&w=2 (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.debian.org/security/2004/dsa-531 (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://www.debian.org/security/2005/dsa-669 (string)

}

8 : { »

source : cve@mitre.org (string)

url : http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml (string)

}

9 : { »

source : cve@mitre.org (string)

url : http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068 (string)

}

10 : { »

source : cve@mitre.org (string)

url : http://www.novell.com/linux/security/advisories/2004_21_php4.html (string)

}

11 : { »

source : cve@mitre.org (string)

url : http://www.redhat.com/support/errata/RHSA-2004-392.html (string)

}

12 : { »

source : cve@mitre.org (string)

url : http://www.redhat.com/support/errata/RHSA-2004-395.html (string)

}

13 : { »

source : cve@mitre.org (string)

url : http://www.redhat.com/support/errata/RHSA-2004-405.html (string)

}

14 : { »

source : cve@mitre.org (string)

url : http://www.redhat.com/support/errata/RHSA-2005-816.html (string)

}

15 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Vendor Advisory (string)

]

url : http://www.securityfocus.com/bid/10724 (string)

}

16 : { »

source : cve@mitre.org (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/16692 (string)

}

17 : { »

source : cve@mitre.org (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://marc.info/?l=bugtraq&m=108981780109154&w=2 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://marc.info/?l=bugtraq&m=108982983426031&w=2 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://marc.info/?l=bugtraq&m=109051444105182&w=2 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://marc.info/?l=bugtraq&m=109181600614477&w=2 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.debian.org/security/2004/dsa-531 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2005/dsa-669 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068 (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.novell.com/linux/security/advisories/2004_21_php4.html (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.redhat.com/support/errata/RHSA-2004-392.html (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.redhat.com/support/errata/RHSA-2004-395.html (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.redhat.com/support/errata/RHSA-2004-405.html (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.redhat.com/support/errata/RHSA-2005-816.html (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Vendor Advisory (string)

]

url : http://www.securityfocus.com/bid/10724 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/16692 (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2004:392", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "php-0:4.3.2-11.1.ent", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2004-07-19T00:00:00Z"}, {"advisory": "RHSA-2004:395", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1", "release_date": "2004-07-19T00:00:00Z"}, {"advisory": "RHSA-2004:395", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux ES version 2.1", "release_date": "2004-07-19T00:00:00Z"}, {"advisory": "RHSA-2004:395", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux WS version 2.1", "release_date": "2004-07-19T00:00:00Z"}, {"advisory": "RHSA-2004:395", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Linux Advanced Workstation 2.1", "release_date": "2004-07-19T00:00:00Z"}, {"advisory": "RHSA-2004:405", "cpe": "cpe:/a:redhat:stronghold:4", "product_name": "Red Hat Stronghold 4", "release_date": "2004-07-23T00:00:00Z"}, {"advisory": "RHSA-2005:816", "cpe": "cpe:/a:redhat:rhel_stronghold:4.0", "product_name": "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "release_date": "2005-11-02T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1617234", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617234"}, "csaw": false, "details": ["The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities."], "name": "CVE-2004-0595", "public_date": "2004-07-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2004-0595\nhttps://nvd.nist.gov/vuln/detail/CVE-2004-0595"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2004:392 (string)

cpe : cpe:/o:redhat:enterprise_linux:3 (string)

package : php-0:4.3.2-11.1.ent (string)

product_name : Red Hat Enterprise Linux 3 (string)

release_date : 2004-07-19T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2004:395 (string)

cpe : cpe:/o:redhat:enterprise_linux:2.1 (string)

product_name : Red Hat Enterprise Linux AS (Advanced Server) version 2.1 (string)

release_date : 2004-07-19T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2004:395 (string)

cpe : cpe:/o:redhat:enterprise_linux:2.1 (string)

product_name : Red Hat Enterprise Linux ES version 2.1 (string)

release_date : 2004-07-19T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2004:395 (string)

cpe : cpe:/o:redhat:enterprise_linux:2.1 (string)

product_name : Red Hat Enterprise Linux WS version 2.1 (string)

release_date : 2004-07-19T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2004:395 (string)

cpe : cpe:/o:redhat:enterprise_linux:2.1 (string)

product_name : Red Hat Linux Advanced Workstation 2.1 (string)

release_date : 2004-07-19T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2004:405 (string)

cpe : cpe:/a:redhat:stronghold:4 (string)

product_name : Red Hat Stronghold 4 (string)

release_date : 2004-07-23T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2005:816 (string)

cpe : cpe:/a:redhat:rhel_stronghold:4.0 (string)

product_name : Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) (string)

release_date : 2005-11-02T00:00:00Z (string)

}

]

bugzilla : { »

description : security flaw (string)

id : 1617234 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1617234 (string)

}

csaw : false (boolean)

details : [ »

0 : The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. (string)

]

name : CVE-2004-0595 (string)

public_date : 2004-07-14T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2004-0595 https://nvd.nist.gov/vuln/detail/CVE-2004-0595 (string)

]

threat_severity : Moderate (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object