Juniper Networks

Signature Detail


Short Name: HTTP:PHP:STRIP-TAGS-XSS
Severity: Minor
Recommended: No
Recommended Action: Drop
Category: HTTP
Keywords: PHP strip_tags Cross-Site Scripting
Release Date: 2013/07/01
Update Number: 2277
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: PHP strip_tags Cross-Site Scripting


This signature detects attempts to exploit a known cross-site scripting vulnerability in PHP. The vulnerability is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Extended Description

It is reported that PHP's strip_tags() function can be bypassed: under certain circumstances, it improperly leaves malformed tags in place. This may mean that web applications previously presumed safe could contain multiple cross-site scripting and HTML injection vulnerabilities when viewed in the Microsoft Internet Explorer or Apple Safari web browsers. It is reported that 'magic_quotes_gpc' must be off for PHP to be vulnerable to this issue.

Affected Products

  • Apple mac_os_x 10.0.0
  • Apple mac_os_x 10.0.0 3
  • Apple mac_os_x 10.0.1
  • Apple mac_os_x 10.0.2
  • Apple mac_os_x 10.0.3
  • Apple mac_os_x 10.0.4
  • Apple mac_os_x 10.1.0
  • Apple mac_os_x 10.1.1
  • Apple mac_os_x 10.1.2
  • Apple mac_os_x 10.1.3
  • Apple mac_os_x 10.1.4
  • Apple mac_os_x 10.1.5
  • Apple mac_os_x 10.2.0
  • Apple mac_os_x 10.2.1
  • Apple mac_os_x 10.2.2
  • Apple mac_os_x 10.2.3
  • Apple mac_os_x 10.2.4
  • Apple mac_os_x 10.2.5
  • Apple mac_os_x 10.2.6
  • Apple mac_os_x 10.2.7
  • Apple mac_os_x 10.2.8
  • Apple mac_os_x 10.3.0
  • Apple mac_os_x 10.3.1
  • Apple mac_os_x 10.3.2
  • Apple mac_os_x 10.3.3
  • Apple mac_os_x 10.3.4
  • Apple mac_os_x 10.3.5
  • Apple mac_os_x 10.3.6
  • Apple mac_os_x 10.3.7
  • Apple mac_os_x_server 10.0.0
  • Apple mac_os_x_server 10.1.0
  • Apple mac_os_x_server 10.1.1
  • Apple mac_os_x_server 10.1.2
  • Apple mac_os_x_server 10.1.3
  • Apple mac_os_x_server 10.1.4
  • Apple mac_os_x_server 10.1.5
  • Apple mac_os_x_server 10.2.0
  • Apple mac_os_x_server 10.2.1
  • Apple mac_os_x_server 10.2.2
  • Apple mac_os_x_server 10.2.3
  • Apple mac_os_x_server 10.2.4
  • Apple mac_os_x_server 10.2.5
  • Apple mac_os_x_server 10.2.6
  • Apple mac_os_x_server 10.2.7
  • Apple mac_os_x_server 10.2.8
  • Apple mac_os_x_server 10.3.0
  • Apple mac_os_x_server 10.3.1
  • Apple mac_os_x_server 10.3.2
  • Apple mac_os_x_server 10.3.3
  • Apple mac_os_x_server 10.3.4
  • Apple mac_os_x_server 10.3.5
  • Apple mac_os_x_server 10.3.6
  • Apple mac_os_x_server 10.3.7
  • Avaya converged_communications_server 2.0.0
  • Avaya integrated_management
  • Avaya s8300 R2.0.0
  • Avaya s8300 R2.0.1
  • Avaya s8500 R2.0.0
  • Avaya s8500 R2.0.1
  • Avaya s8700 R2.0.0
  • Avaya s8700 R2.0.1
  • Hp hp-ux B.11.00
  • Hp hp-ux B.11.11
  • Hp hp-ux B.11.22
  • Hp hp-ux B.11.23
  • Php php 4.0.0 0
  • Php php 4.0.1
  • Php php 4.0.2
  • Php php 4.0.3
  • Php php 4.0.4
  • Php php 4.0.5
  • Php php 4.0.6
  • Php php 4.0.7
  • Php php 4.1.0 .0
  • Php php 4.1.1
  • Php php 4.1.2
  • Php php 4.2.0 .0
  • Php php 4.2.1
  • Php php 4.2.2
  • Php php 4.2.3
  • Php php 4.3.0
  • Php php 4.3.1
  • Php php 4.3.2
  • Php php 4.3.3
  • Php php 4.3.5
  • Php php 4.3.6
  • Php php 4.3.7
  • Php php 5.0.0 Candidate 1
  • Php php 5.0.0 Candidate 2
  • Php php 5.0.0 Candidate 3
  • Red_hat desktop 3.0.0
  • Red_hat enterprise_linux_as 3
  • Red_hat enterprise_linux_es 3
  • Red_hat enterprise_linux_ws 3
  • Red_hat fedora Core1
  • Red_hat fedora Core2
  • Red_hat stronghold 4.0.0
  • Slackware linux 10.0.0
  • Slackware linux 10.1.0
  • Slackware linux 8.1.0
  • Slackware linux 9.0.0
  • Slackware linux 9.1.0
  • Slackware linux -Current
  • Trustix secure_enterprise_linux 2.0.0
  • Trustix secure_linux 1.5.0
  • Trustix secure_linux 2.0.0
  • Trustix secure_linux 2.1.0

References

  • BugTraq: 10724
  • CVE: CVE-2004-0595
