CVE-2004-0595
CVSS 6.8
Published: 2004-07-27 00:00:00
Last revised: 2016-10-17 22:46:30

[Original] The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.


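[CNNVD] PHP strip_tags() function bypass vulnerability (CNNVD-200407-076)

        The strip_tags function in PHP 4.x through 4.3.7 and 5.x through 5.0.0RC3 does not filter null (\0) characters within tag names when restricting input to allowed tags. Web browsers such as Internet Explorer and Safari can process the dangerous tags while ignoring the null characters, which facilitates the exploitation of cross-site scripting (XSS) vulnerabilities.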

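- CVSS (base score)

CVSS score: 6.8 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)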

cpe:/o:trustix:secure_linux:1.5  Trustix Secure Linux 1.5
cpe:/o:redhat:fedora_core:core_2.0
cpe:/o:trustix:secure_linux:2.1  Trustix Secure Linux 2.1
cpe:/o:trustix:secure_linux:2.0  Trustix Secure Linux 2.0
cpe:/h:avaya:s8300:r2.0.0
cpe:/a:avaya:integrated_management  Avaya Integrated Management
cpe:/a:php:php:4.3
cpe:/a:php:php:4.0
cpe:/a:php:php:4.3.6  PHP PHP 4.3.6
cpe:/a:php:php:4.3.5  PHP PHP 4.3.5
cpe:/a:php:php:4.3.7  PHP PHP 4.3.7
cpe:/a:php:php:4.0.1  PHP PHP 4.0.1
cpe:/a:php:php:4.1.0  PHP PHP 4.1.0
cpe:/a:php:php:4.0.3  PHP PHP 4.0.3
cpe:/a:php:php:4.1.2  PHP PHP 4.1.2
cpe:/a:php:php:4.2.1  PHP PHP 4.2.1
cpe:/a:php:php:5.0:rc3
cpe:/a:php:php:4.0.2  PHP PHP 4.0.2
cpe:/a:php:php:4.1.1  PHP PHP 4.1.1
cpe:/a:php:php:4.2.0  PHP PHP 4.2.0
cpe:/a:php:php:5.0:rc1
cpe:/h:avaya:s8300:r2.0.1
cpe:/a:php:php:5.0:rc2
cpe:/o:redhat:fedora_core:core_1.0
cpe:/h:avaya:converged_communications_server:2.0  Avaya Converged Communications Server 2.0
cpe:/h:avaya:s8500:r2.0.1
cpe:/h:avaya:s8500:r2.0.0
cpe:/h:avaya:s8700:r2.0.1
cpe:/a:php:php:4.0.5  PHP PHP 4.0.5
cpe:/a:php:php:4.2.3  PHP PHP 4.2.3
cpe:/a:php:php:4.3.2  PHP PHP 4.3.2
cpe:/a:php:php:4.0.4  PHP PHP 4.0.4
cpe:/a:php:php:4.2.2  PHP PHP 4.2.2
cpe:/a:php:php:4.3.1  PHP PHP 4.3.1
cpe:/h:avaya:s8700:r2.0.0
cpe:/a:php:php:4.0.7  PHP PHP 4.0.7
cpe:/a:php:php:4.0.6  PHP PHP 4.0.6
cpe:/a:php:php:4.3.3  PHP PHP 4.3.3

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10619  The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricti...
*OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0595
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0595
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-076
(Official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847
(UNKNOWN)  CONECTIVA  CLA-2004:847
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html
(UNKNOWN)  FULLDISC  20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability
http://marc.info/?l=bugtraq&m=108981780109154&w=2
(UNKNOWN)  BUGTRAQ  20040713 Advisory 11/2004: PHP memory_limit remote vulnerability
http://marc.info/?l=bugtraq&m=108982983426031&w=2
(UNKNOWN)  BUGTRAQ  20040714 TSSA-2004-013 - php
http://marc.info/?l=bugtraq&m=109051444105182&w=2
(UNKNOWN)  BUGTRAQ  20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)
http://marc.info/?l=bugtraq&m=109181600614477&w=2
(UNKNOWN)  HP  SSRT4777
http://www.debian.org/security/2004/dsa-531
(VENDOR_ADVISORY)  DEBIAN  DSA-531
http://www.debian.org/security/2005/dsa-669
(UNKNOWN)  DEBIAN  DSA-669
http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml
(UNKNOWN)  GENTOO  GLSA-200407-13
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068
(UNKNOWN)  MANDRAKE  MDKSA-2004:068
http://www.novell.com/linux/security/advisories/2004_21_php4.html
(UNKNOWN)  SUSE  SUSE-SA:2004:021
http://www.redhat.com/support/errata/RHSA-2004-392.html
(UNKNOWN)  REDHAT  RHSA-2004:392
http://www.redhat.com/support/errata/RHSA-2004-395.html
(UNKNOWN)  REDHAT  RHSA-2004:395
http://www.redhat.com/support/errata/RHSA-2004-405.html
(UNKNOWN)  REDHAT  RHSA-2004:405
http://www.redhat.com/support/errata/RHSA-2005-816.html
(UNKNOWN)  REDHAT  RHSA-2005:816
http://www.securityfocus.com/bid/10724
(VENDOR_ADVISORY)  BID  10724
http://xforce.iss.net/xforce/xfdb/16692
(VENDOR_ADVISORY)  XF  php-strip-tag-bypass(16692)

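- Vulnerability information

PHP strip_tags() function bypass vulnerability
Medium severity  Cross-site scripting
2004-07-27 00:00:00 2005-10-20 00:00:00
Remote
        The strip_tags function in PHP 4.x through 4.3.7 and 5.x through 5.0.0RC3 does not filter null (\0) characters within tag names when restricting input to allowed tags. Web browsers such as Internet Explorer and Safari can process the dangerous tags while ignoring the null characters, which facilitates the exploitation of cross-site scripting (XSS) vulnerabilities.

- Advisories and patches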

        Slackware has released an advisory (SSA:2005-095-01) including updated packages to address this issue. Please see the referenced advisory for more information.
        Redhat has released an advisory (FEDORA-2004-223) and fixes addressing this issue for Fedora Core 2. Please see the referenced advisory for further details regarding obtaining and applying appropriate fixes.
        Redhat has released an advisory (FEDORA-2004-222) and fixes addressing this issue for Fedora Core 1. Please see the referenced advisory for further details regarding obtaining and applying appropriate fixes.
        Avaya has released an updated advisory that acknowledges this vulnerability for Avaya products. Some fixes are not currently available; customers are advised to contact the vendor for further details regarding fix availability. Please see the referenced Avaya advisory at the following location for further details:
        http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=198054&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()
        TinySofa Linux has released advisory TSSA-2004-013 along with fixes dealing with this issue. Please see the referenced advisory for more information.
        Mandrake Linux has released advisory MDKSA-2004:068 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.
        Gentoo Linux has released advisory GLSA 200407-13 dealing with this and other issues. All PHP, mod_php and php-cgi users should upgrade to the latest stable version:
        # emerge sync
        # emerge -pv ">=dev-php/php-4.3.8"
        # emerge ">=dev-php/php-4.3.8"
        # emerge -pv ">=dev-php/mod_php-4.3.8"
        # emerge ">=dev-php/mod_php-4.3.8"
        # emerge -pv ">=dev-php/php-cgi-4.3.8"
        # emerge ">=dev-php/php-cgi-4.3.8"
        For more information please see the referenced Gentoo Linux advisory.
        SuSE Linux has released an advisory (SUSE-SA:2004:021) along with fixes dealing with this issue. Please see the referenced advisory for more information.
        Conectiva Linux has released an announcement (CLSA-2004:847) dealing with this and other issues. Please see the referenced advisory for more information.
        Red Hat has released advisory RHSA-2004:395-10 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
        Debian has released advisory DSA 531-1 dealing with this and other issues. Please see the referenced advisory for more information.
        OpenPKG has released advisory OpenPKG-SA-2004.034 dealing with this and other issues. Please see the referenced advisory for further information.
        RedHat has released an advisory (RHSA-2004:405-06) to address various issues in Stronghold. Updated Stronghold 4 packages have been released. RedHat users are advised to upgrade their computers by carrying out the following command to launch the update agent service:
        bin/agent
        Please see the RedHat advisory in web references for more information.
        Trustix Secure Linux has released advisory TSL-2004-0039 to address this, and other issues. Please see the referenced advisory for further information.
        Hewlett-Packard has released advisory HPSBUX01064 along with a resolution dealing with this issue. Please see the referenced advisory for more information.
        TurboLinux has released advisory TLSA-2004-23 along with fixes dealing with this issue. Please see the referenced advisory for more information.
        Apple Computers has released advisory APPLE-SA-2005-01-25 along with a security update dealing with this and other issues. Please see the referenced advisory for more information.
        Debian Linux has released an advisory (DSA 669-1) dealing with this issue. Please see the reference section for more information.
        Apple Computers has released Mac OS X version 10.3.8 dealing with this issue. This upgrade includes the security patches shipped with the referenced security update.
        Red Hat has released advisory RHSA-2005:816-10 to address this issue for Red Hat Stronghold for Enterprise Linux. Please see the referenced advisory for further information on obtaining fixes.
        HP HP-UX B.11.11
        HP HP-UX B.11.22
        HP HP-UX B.11.23
        Apple Mac OS X 10.2.8
        PHP PHP 4.0.6
        PHP PHP 4.1.0
