Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2024 Tenable Network Security, Inc.PHP_STRIP_TAGS_MEMORY_LIMIT_VULN.NASL
HistoryJul 15, 2004 - 12:00 a.m.

PHP < 4.3.8 Multiple Vulnerabilities

2004-07-1500:00:00
This script is Copyright (C) 2004-2024 Tenable Network Security, Inc.
www.tenable.com
23

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.939

Percentile

99.2%

JSON

According to its banner, the version of PHP 4.3.x installed on the remote host is prior to 4.3.7. It is, therefore, potentially affected by a bug that could allow an attacker to execute arbitrary code on the remote host if the option memory_limit is set. Another bug in the function strip_tags() may allow an attacker to bypass content restrictions when submitting data and may lead to cross-site scripting issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(13650);
  script_version("1.27");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");

  script_cve_id("CVE-2004-0594", "CVE-2004-0595");
  script_bugtraq_id(10724, 10725);

  script_name(english:"PHP < 4.3.8 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP 4.3.x installed on the
remote host is prior to 4.3.7.  It is, therefore, potentially
affected by a bug that could allow an attacker to execute arbitrary
code on the  remote host if the option memory_limit is set. Another
bug in the function strip_tags() may allow an attacker to bypass
content restrictions when submitting data and may lead to cross-site 
scripting issues.");
  script_set_attribute(attribute:"see_also", value:"http://www.php.net/releases/4_3_8.php");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP 4.3.8.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/07/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/15");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2004-2024 Tenable Network Security, Inc.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("audit.inc");
include("webapp_func.inc");

port = get_http_port(default:80, php:TRUE);

php = get_php_from_kb(
  port : port,
  exit_on_fail : TRUE
);

version = php["ver"];
source = php["src"];

backported = get_kb_item('www/php/'+port+'/'+version+'/backported');

if (report_paranoia < 2 && backported)
  audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");

if (version =~ "^4\.3\.[0-7]($|[^0-9])")
{
  set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);

  if (report_verbosity > 0)
  {
    report =
      '\n  Version source     : '+source +
      '\n  Installed version  : '+version+
      '\n  Fixed version      : 4.3.8\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
VendorProductVersionCPE
phpphpcpe:/a:php:php

Related

openvas 16
nessus 13
redhat 2
osv 2
slackware 1
gentoo 1
debian 3
packetstorm 1
nvd 2
canvas 1
cvelist 2
freebsd 2
securityvulns 4
cve 2
suse 1
exploitpack 1
exploitdb 1
openvas
openvas
Debian Security Advisory DSA 669-1 (php3)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200407-13 (PHP)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-669-1)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-669-1 : php3 - several vulnerabilities
2005-02-10 00:00:00
SUSE-SA:2004:021: php4/mod_php4
2004-07-25 00:00:00
Fedora Core 1 : php-4.3.8-1.1 (2004-222)
2004-07-24 00:00:00
redhat
redhat
(RHSA-2004:395) php security update
2004-07-19 00:00:00
(RHSA-2004:392) php security update
2004-07-19 00:00:00
osv
osv
php4 - several vulnerabilities
2004-07-20 00:00:00
php3 - several
2005-02-07 00:00:00
slackware
slackware
PHP
2004-07-20 23:21:16
gentoo
gentoo
PHP: Multiple security vulnerabilities
2004-07-15 00:00:00
debian
debian
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
2004-07-21 02:41:59
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
packetstorm
packetstorm
mambo453.txt
2006-02-26 00:00:00
nvd
nvd
CVE-2004-0595
2004-07-27 04:00:00
CVE-2004-0594
2004-07-27 04:00:00
canvas
canvas
Immunity Canvas: PHP_LIMIT
2004-07-27 04:00:00
cvelist
cvelist
CVE-2004-0595
2004-07-16 04:00:00
CVE-2004-0594
2004-07-16 04:00:00
freebsd
freebsd
php -- strip_tags cross-site scripting vulnerability
2004-07-07 00:00:00
php -- memory_limit related vulnerability
2004-07-07 00:00:00
securityvulns
securityvulns
Mambo Multiple Vulnerabilities
2006-02-25 00:00:00
[Full-Disclosure] Advisory 12/2004: PHP strip_tags&#40;&#41; bypass vulnerability
2004-07-14 00:00:00
[Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability
2004-07-14 00:00:00
cve
cve
CVE-2004-0595
2004-07-27 04:00:00
CVE-2004-0594
2004-07-27 04:00:00
suse
suse
remote code execution in php4/mod_php4
2004-07-16 12:43:18
exploitpack
exploitpack
Mambo 4.5.3h - Multiple Vulnerabilities
2016-02-24 00:00:00
exploitdb
exploitdb
Mambo &lt; 4.5.3h - Multiple Vulnerabilities
2016-02-24 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.939

Percentile

99.2%

JSON
Related for PHP_STRIP_TAGS_MEMORY_LIMIT_VULN.NASL
openvas16nessus13redhat2osv2slackware1gentoo1debian3packetstorm1nvd2canvas1cvelist2freebsd2securityvulns4cve2suse1exploitpack1exploitdb1