CVE-2004-0595

Impact:
Moderate
Public Date:
2004-07-14
Bugzilla:
1617234: CVE-2004-0595 security flaw

The MITRE CVE dictionary describes this issue as:

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

Find out more about CVE-2004-0595 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Stronghold 4 for Red Hat Enterprise Linux RHSA-2005:816 2005-11-02
Red Hat Stronghold 4 RHSA-2004:405 2004-07-23
Red Hat Enterprise Linux 3 (php) RHSA-2004:392 2004-07-19
Red Hat Enterprise Linux 2.1 RHSA-2004:395 2004-07-19

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.