{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-07-14T00:00:00", "descriptions": [{"lang": "en", "value": "The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "CLA-2004:847", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847"}, {"name": "20040714 TSSA-2004-013 - php", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108982983426031&w=2"}, {"name": "DSA-669", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-669"}, {"name": "oval:org.mitre.oval:def:10619", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619"}, {"name": "RHSA-2004:395", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-395.html"}, {"name": "RHSA-2004:405", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"}, {"name": "RHSA-2004:392", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-392.html"}, {"name": "DSA-531", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2004/dsa-531"}, {"name": "SUSE-SA:2004:021", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2004_21_php4.html"}, {"name": "MDKSA-2004:068", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068"}, {"name": "php-strip-tag-bypass(16692)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16692"}, {"name": "RHSA-2005:816", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html"}, {"name": "SSRT4777", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=109181600614477&w=2"}, {"name": "20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=109051444105182&w=2"}, {"name": "10724", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10724"}, {"name": "20040713 Advisory 11/2004: PHP memory_limit remote vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108981780109154&w=2"}, {"name": "GLSA-200407-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml"}, {"name": "20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0595", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "CLA-2004:847", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847"}, {"name": "20040714 TSSA-2004-013 - php", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108982983426031&w=2"}, {"name": "DSA-669", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-669"}, {"name": "oval:org.mitre.oval:def:10619", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619"}, {"name": "RHSA-2004:395", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-395.html"}, {"name": "RHSA-2004:405", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"}, {"name": "RHSA-2004:392", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-392.html"}, {"name": "DSA-531", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-531"}, {"name": "SUSE-SA:2004:021", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_21_php4.html"}, {"name": "MDKSA-2004:068", "refsource": "MANDRAKE", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068"}, {"name": "php-strip-tag-bypass(16692)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16692"}, {"name": "RHSA-2005:816", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html"}, {"name": "SSRT4777", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=109181600614477&w=2"}, {"name": "20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=109051444105182&w=2"}, {"name": "10724", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10724"}, {"name": "20040713 Advisory 11/2004: PHP memory_limit remote vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108981780109154&w=2"}, {"name": "GLSA-200407-13", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml"}, {"name": "20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:24:26.176Z"}, "title": "CVE Program Container", "references": [{"name": "CLA-2004:847", "tags": ["vendor-advisory", "x_refsource_CONECTIVA", "x_transferred"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847"}, {"name": "20040714 TSSA-2004-013 - php", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108982983426031&w=2"}, {"name": "DSA-669", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2005/dsa-669"}, {"name": "oval:org.mitre.oval:def:10619", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619"}, {"name": "RHSA-2004:395", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2004-395.html"}, {"name": "RHSA-2004:405", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"}, {"name": "RHSA-2004:392", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2004-392.html"}, {"name": "DSA-531", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2004/dsa-531"}, {"name": "SUSE-SA:2004:021", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2004_21_php4.html"}, {"name": "MDKSA-2004:068", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068"}, {"name": "php-strip-tag-bypass(16692)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16692"}, {"name": "RHSA-2005:816", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html"}, {"name": "SSRT4777", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=109181600614477&w=2"}, {"name": "20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=109051444105182&w=2"}, {"name": "10724", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10724"}, {"name": "20040713 Advisory 11/2004: PHP memory_limit remote vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108981780109154&w=2"}, {"name": "GLSA-200407-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml"}, {"name": "20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0595", "datePublished": "2004-07-16T04:00:00", "dateReserved": "2004-06-23T00:00:00", "dateUpdated": "2024-08-08T00:24:26.176Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E586558A-ABC3-42EB-8B4D-DC92A0D695E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84296C-2C8A-4DCD-9751-52951F8BEA9F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B", "vulnerable": true}, {"criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD", "vulnerable": true}, {"criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA", "vulnerable": true}, {"criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avaya:integrated_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "D12D6986-429E-4152-A6E5-4CC1FB9556D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EDBEC461-D553-41B7-8D85-20B6A933C21C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78BAA18C-E5A0-4210-B64B-709BBFF31EEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "13A159B4-B847-47DE-B7F8-89384E6C551B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "57B59616-A309-40B4-94B1-50A7BC00E35C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F39A1B1-416E-4436-8007-733B66904A14", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E5F96-66D2-4F99-A74D-6A2305EE218E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "2D724D09-0D45-4701-93C9-348301217C8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6713614A-B14E-4A85-BF89-ED780068FC68", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD95F8EB-B428-4B3C-9254-A5DECE03A989", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "069EB7EE-06B9-454F-9007-8DE5DCA33C53", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "18BF5BE6-09EA-45AD-93BF-2BEF1742534E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC1460DF-1687-4314-BF1A-01290B20302D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "470380B0-3982-48FC-871B-C8B43C81900D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "63190D9B-7958-4B93-87C6-E7D5A572F6DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4AAF4586-74FF-47C6-864B-656FDF3F33D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "5652D5B0-68E4-4239-B9B7-599AFCF4C53E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "57B71BB7-5239-4860-9100-8CABC3992D8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "72BD447A-4EED-482C-8F61-48FAD4FCF8BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F9D7662-A5B6-41D0-B6A1-E5ABC5ABA47F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E3797AB5-9E49-4251-A212-B6E5D9996764", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D61D9CE9-F7A3-4F52-9D4E-B2473804ECB7", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "20C0BD87-CE4B-49D2-89BE-EF282C43AD72", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3E6C4A8-59F4-43EE-8413-E95289037598", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE76357A-27E6-4D85-9AA0-1BB658C41568", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C56C5FDB-24E2-479D-87CA-164CD28567D3", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities."}, {"lang": "es", "value": "La funci\u00f3n strip_tags en PHP 4.x hasta 4.3.7, y 5.x hasta 5.0.0RC3, no filtra caract\u00e9res null() dentro de nombreres de etiquetas cuanto se restringe la entrada a etiquetas permitidas, lo que permite que etiquetas peligrosas sean procesadas por navegadores como Internet Explorer y Safari, que ignoran caract\u00e9res nulos y facilita la explotaci\u00f3n de vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)."}], "id": "CVE-2004-0595", "lastModified": "2018-10-30T16:25:35.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-07-27T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847"}, {"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108981780109154&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108982983426031&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=109051444105182&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=109181600614477&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2004/dsa-531"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-669"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml"}, {"source": "cve@mitre.org", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_21_php4.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-392.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-395.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10724"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16692"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2004:392", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "php-0:4.3.2-11.1.ent", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2004-07-19T00:00:00Z"}, {"advisory": "RHSA-2004:395", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1", "release_date": "2004-07-19T00:00:00Z"}, {"advisory": "RHSA-2004:395", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux ES version 2.1", "release_date": "2004-07-19T00:00:00Z"}, {"advisory": "RHSA-2004:395", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux WS version 2.1", "release_date": "2004-07-19T00:00:00Z"}, {"advisory": "RHSA-2004:395", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Linux Advanced Workstation 2.1", "release_date": "2004-07-19T00:00:00Z"}, {"advisory": "RHSA-2004:405", "cpe": "cpe:/a:redhat:stronghold:4", "product_name": "Red Hat Stronghold 4", "release_date": "2004-07-23T00:00:00Z"}, {"advisory": "RHSA-2005:816", "cpe": "cpe:/a:redhat:rhel_stronghold:4.0", "product_name": "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "release_date": "2005-11-02T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1617234", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617234"}, "csaw": false, "details": ["The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities."], "name": "CVE-2004-0595", "public_date": "2004-07-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2004-0595\nhttps://nvd.nist.gov/vuln/detail/CVE-2004-0595"], "threat_severity": "Moderate"}