漏洞信息详情

PHP strip_tags（）函数绕过漏洞

• CNNVD编号：CNNVD-200407-076
• 危害等级： 中危
  
• CVE编号： CVE-2004-0595
• 漏洞类型： 跨站脚本
• 发布时间： 2004-07-27
• 威胁类型： 远程
• 更新时间： 2005-10-20
• 厂        商： php
• 漏洞来源： disclosed this vulnerability.');">Stefan Esser <>

漏洞简介

PHP 4.x到4.3.7版本，以及5.x到5.0.0RC3版本的strip_tags函数，当为允许标签输入限制时不能过滤在标签名称内空(＼0)字符。Web浏览器如Internet Explorer和Safariweb可以处理危险标签，同时忽略空字符以及促进跨站脚本攻击(XSS)漏洞的利用。

漏洞公告

Slackware has released an advisory (SSA:2005-095-01) including updated packages to address this issue. Please see the referenced advisory for more information. Redhat has released an advisory (FEDORA-2004-223) and fixes addressing this issue for Fedora Core 2. Please see the referenced advisory for further details regarding obtaining and applying appropriate fixes. Redhat has released an advisory (FEDORA-2004-222) and fixes addressing this issue for Fedora Core 1. Please see the referenced advisory for further details regarding obtaining and applying appropriate fixes. Avaya has released an updated advisory that acknowlEdges this vulnerability for Avaya products. Some fixes are not currently available; customers are advised to contact the vendor for further details regarding fix availability. Please see the referenced Avaya advisory at the following location for further details: http://support.avaya.com/jCMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple/CSS/jCMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=198054&PAGE=avaya.CSS.CSSLvl1Detail&executeTransaction=avaya.CSS.UsageUpdate() TinySofa Linux has released advisory TSSA-2004-013 along with fixes dealing with this issue. Please see the referenced advisory for more information. Mandrake Linux has released advisory MDKSA-2004:068 along with fixes dealing with this and other issues. Please see the referenced advisory for more information. Gentoo Linux has released advisory GLSA 200407-13 dealing with this and other issues. All PHP, mod_php and php-cgi users should upgrade to the latest stable version: # emerge sync # emerge -pv ">=dev-php/php-4.3.8" # emerge ">=dev-php/php-4.3.8" # emerge -pv ">=dev-php/mod_php-4.3.8" # emerge ">=dev-php/mod_php-4.3.8" # emerge -pv ">=dev-php/php-cgi-4.3.8" # emerge ">=dev-php/php-cgi-4.3.8" For more information please see the referenced Gentoo Linux advisory. SuSE Linux has released an advisory (SUSE-SA:2004:021) along with fixes dealing with this issue. Please see the referenced advisory for more information. Conectiva Linux has released an announcement (CLSA-2004:847) dealing with this and other issues. Please see the referenced advisory for more information. Red Hat has released advisory RHSA-2004:395-10 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information. Debian has released advisory DSA 531-1 dealing with this and other issues. Please see the referenced advisory for more information. OpenPKG has released advisory OpenPKG-SA-2004.034 dealing with this and other issues. Please see the referenced advisory for further information. RedHat has released an advisory (RHSA-2004:405-06) to address various issues in Stronghold. Updated Stronghold 4 packages have been released. RedHat users are advised to upgrade their computers by carrying out the following command to launch the update agent service: bin/agent Please see the RedHat advisory in web references for more information. Trustix Secure Linux has released advisory TSL-2004-0039 to address this, and other issues. Please see the referenced advisory for further information. Hewlett-Packard has released advisory HPSBUX01064 along with a resolution dealing with this issue. Please see the referenced advisory for more information. TurboLinux has released advisory TLSA-2004-23 along with fixes dealing with this issue. Please see the referenced advisory for more information. CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Computers has released advisory CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2005-01-25 along with a security update dealing with this and other issues. Please see the referenced advisory for more information. Debian Linux has released an advisory (DSA 669-1) dealing with this issue. Please see the reference section for more information. CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Computers has released Mac OS X version 10.3.8 dealing with this issue. This upgrade includes the security patches shipped with the referenced security update. Red Hat has released advisory RHSA-2005:816-10 to address this issue for Red Hat Stronghold for Enterprise Linux. Please see the referenced advisory for further information on obtaining fixes. HP HP-UX B.11.11

• HP HP-UX Apache-based Web Server v.2.0.50.00 http://software.hp.com

HP HP-UX B.11.22

• HP HP-UX Apache-based Web Server v.2.0.50.00 http://software.hp.com

HP HP-UX B.11.23

• HP HP-UX Apache-based Web Server v.2.0.50.00 http://software.hp.com

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X 10.2.8

• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Security Update 2005-001 (Mac OS X 10.2.8 Client) 1.0 http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/securityupdate2005001macosx1028 client.HTML

PHP PHP 4.0.6

• TurboLinux php-4.2.3-18.i586.rpm ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/php-4.2.3-18.i586.rpm
• TurboLinux php-imap-4.2.3-18.i586.rpm ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/php-imap-4.2.3-18.i586.rpm
• TurboLinux php-ldap-4.2.3-18.i586.rpm ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/php-ldap-4.2.3-18.i586.rpm
• TurboLinux php-manual-4.2.3-18.i586.rpm ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/php-manual-4.2.3-18.i586.rpm
• TurboLinux php-mysql-4.2.3-18.i586.rpm ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/php-mysql-4.2.3-18.i586.rpm
• TurboLinux php-pgsql-4.2.3-18.i586.rpm ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/php-pgsql-4.2.3-18.i586.rpm

PHP PHP 4.1 .0

• SuSE mod_php4-4.1.0-317.i386.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-4.1.0-317.i386 .patch.rpm
• SuSE mod_php4-core-4.1.0-317.i386.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-core-4.1.0-317 .i386.patch.rpm
• SuSE mod_php4-servlet-4.1.0-317.i386.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-servlet-4.1.0- 317.i386.patch.rpm
• SuSE mod_php4-4.1.0-317.i386.rpm

  参考网址

  来源: BID 名称: 10724 链接:http://www.securityfocus.com/bid/10724 来源: DEBIAN 名称: DSA-531 链接:http://www.debian.org/security/2004/dsa-531 来源: XF 名称: php-strip-tag-bypass(16692) 链接:http://xforce.iss.net/xforce/xfdb/16692 来源: REDHAT 名称: RHSA-2004:405 链接:http://www.redhat.com/support/errata/RHSA-2004-405.HTML 来源: REDHAT 名称: RHSA-2004:395 链接:http://www.redhat.com/support/errata/RHSA-2004-395.HTML 来源: REDHAT 名称: RHSA-2004:392 链接:http://www.redhat.com/support/errata/RHSA-2004-392.HTML 来源: SUSE 名称: SUSE-SA:2004:021 链接:http://www.novell.com/linux/security/advisories/2004_21_php4.HTML 来源: MANDRAKE 名称: MDKSA-2004:068 链接:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068 来源: GENTOO 名称: GLSA-200407-13 链接:http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml 来源: DEBIAN 名称: DSA-669 链接:http://www.debian.org/security/2005/dsa-669 来源: OVAL 名称: oval:org.mitre.oval:def:10619 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10619 来源: BUGTRAQ 名称: 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108981780109154&w=2 来源: FULLDISC 名称: 20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability 链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.HTML 来源: GENTOO 名称: GLSA-200407-13 链接:http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml 来源: REDHAT 名称: RHSA-2005:816 链接:http://www.redhat.com/support/errata/RHSA-2005-816.HTML 来源: HP 名称: SSRT4777 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109181600614477&w=2 来源: BUGTRAQ 名称: 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109051444105182&w=2 来源: BUGTRAQ 名称: 20040714 TSSA-2004-013 - php 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108982983426031&w=2 来源: CONECTIVA 名称: CLA-2004:847 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847

受影响实体

• Php Php:5.0:Rc3  

补丁

暂无