Bugzilla – Attachment 22156 Details for
Bug 57949
VUL-0: CVE-2004-0595: remote vuln in PHP
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
patchinfo.mod_php4
patchinfo.mod_php4 (text/plain), 919 bytes, created by
Thomas Biege
on 2004-07-14 19:25:01 UTC
(
hide
)
Description:
patchinfo.mod_php4
Filename:
MIME Type:
Creator:
Thomas Biege
Created:
2004-07-14 19:25:01 UTC
Size:
919 bytes
patch
obsolete
>DISTRIBUTION: 7.2-s390,sles7-i386,sles7-ia64,sles7-ppc,sles7-s390x,sles8-ppc,sles8-s390,sles8-s390x,sles9-i386,sles9-ia64,sles9-ppc,sles9-s390,sles9-s390x,sles9-x86_64,ul1-i386,ul1-ia64,ul1-x86_64 >PACKAGE: mod_php4 >PACKAGER: tcrhak@suse.cz >BUGZILLA: 42949 >CATEGORY: security >INDICATIONS: Everyone using PHP4 should update. >CONTRAINDICATIONS: >CD-Produkt-Name: >CD-Produkt-Version: >REQUIRES: >DESCRIPTION: >Security Update: >This update fix' two security vulnerabilities in mod_php4. >The frist and less important bug can be exploited by remote attackers >to bypass HTML tag filtering (cross-site-scripting prevention) by supplying >special tags. These kind of tags should be ignored because they are not >valid but they get accepted by some commercial web-browsers. >The second and latter bug can be exploited by remote attackers by triggering >the memory_limit in unsafe states of a PHP execution path to execute arbitrary >code.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=22156">View the attachment on a separate page</a>.</b>
Actions:
View
Attachments on
bug 57949
:
22155
| 22156