Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.52896
Kategorie:Turbolinux Local Security Tests
Titel:Turbolinux TLSA-2004-23 (php)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to php
announced via advisory TLSA-2004-23.

PHP is an HTML-embedded scripting language.
The strip_tags function in PHP, does not filter null (\0) characters
within tag names when restricting input to allowed tags.

This allows dangerous tags to be processed by web browsers such as Internet
Explorer and Safari, which ignore null characters
this facilitates the
exploitation of cross-site scripting (XSS) vulnerabilities.

Bug allows dangerous tags to be processed by web browsers such as Internet
Explorer and Safari.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-23

Risk factor : High

CVSS Score:
6.8

Querverweis: BugTraq ID: 10724
Common Vulnerability Exposure (CVE) ID: CVE-2004-0595
http://www.securityfocus.com/bid/10724
Bugtraq: 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=108981780109154&w=2
Bugtraq: 20040714 TSSA-2004-013 - php (Google Search)
http://marc.info/?l=bugtraq&m=108982983426031&w=2
Bugtraq: 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) (Google Search)
http://marc.info/?l=bugtraq&m=109051444105182&w=2
Conectiva Linux advisory: CLA-2004:847
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847
Debian Security Information: DSA-531 (Google Search)
http://www.debian.org/security/2004/dsa-531
Debian Security Information: DSA-669 (Google Search)
http://www.debian.org/security/2005/dsa-669
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html
http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml
HPdes Security Advisory: SSRT4777
http://marc.info/?l=bugtraq&m=109181600614477&w=2
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619
http://www.redhat.com/support/errata/RHSA-2004-392.html
http://www.redhat.com/support/errata/RHSA-2004-395.html
http://www.redhat.com/support/errata/RHSA-2004-405.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
SuSE Security Announcement: SUSE-SA:2004:021 (Google Search)
http://www.novell.com/linux/security/advisories/2004_21_php4.html
XForce ISS Database: php-strip-tag-bypass(16692)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16692
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.