PHP Xdebug Module Unauthenticated RCE (exploit)

Nessus Plugin ID 112210 (Critical)

Synopsis

The remote web server has a PHP debugging extension loaded that is affected by a remote command execution vulnerability.

Description

The PHP Xdebug module installed on the remote host is version 2.5.5 or earlier and is configured with xdebug.remote_connect_back enabled. In that configuration Xdebug opens a DBGp debugging connection back to an address taken from the incoming HTTP request (the client IP, or the address supplied in an X-Forwarded-For header) whenever a request carries the XDEBUG_SESSION_START trigger, and no shared secret or allow-list protects the debugger.
A remote, unauthenticated attacker who listens for that connection can answer it as the debugger client and use the protocol's eval command to run arbitrary PHP, and through it arbitrary commands, on the remote host.

Solution

Upgrade to Xdebug version 2.6.0 or later. Additionally, disable connect-back by removing the following line from the Xdebug configuration (or setting it to 0) so that Xdebug only connects to the debugger host named in xdebug.remote_host, and do not load Xdebug at all on Internet-facing or production servers:
xdebug.remote_connect_back = true
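As an added example (not part of the Nessus plugin or of Xdebug itself), the following Python audits a php.ini/xdebug.ini text for the configuration this plugin flags, with a constructed weak file beside its hardened form. The two sample files and the function names are assumptions for illustration; the version threshold (fixed in 2.6.0) follows the page, and the Xdebug 3 setting names it also checks (xdebug.mode, xdebug.discover_client_host) are Xdebug 3's renamed equivalents of remote_enable and remote_connect_back, which the page does not cover.

```python
"""Audit an Xdebug configuration for the connect-back RCE condition (Nessus 112210)."""
import re

FIXED_VERSION = (2, 6, 0)            # first release the plugin treats as fixed
INI_TRUE = {"1", "on", "true", "yes"}  # values php.ini treats as boolean true

# Constructed sample (not from any real host): a dev-box xdebug.ini promoted to
# production unchanged. This is the configuration the plugin reports.
WEAK_INI = """
zend_extension=xdebug.so
[xdebug]
xdebug.remote_enable = 1
xdebug.remote_connect_back = true   ; connect to whatever address the request says
xdebug.remote_port = 9000
"""

# Constructed hardened form: connect-back removed, debugger pinned to one host.
HARDENED_INI = """
zend_extension=xdebug.so
[xdebug]
xdebug.remote_enable = 1
xdebug.remote_host = 127.0.0.1
xdebug.remote_port = 9000
"""


def parse_ini(text):
    """Minimal php.ini parser: 'key = value' pairs, ';' comments, [sections] ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"').lower()
    return settings


def xdebug_loaded(text):
    """True if any zend_extension line loads the xdebug module."""
    return re.search(r"^\s*zend_extension\s*=.*xdebug", text, re.MULTILINE) is not None


def parse_version(version):
    """'2.5.5' -> (2, 5, 5). Suffixes such as 'RC1' are ignored, so a 2.6.0RC1
    compares equal to 2.6.0; treat pre-releases as unfixed if that matters."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(ini_text, xdebug_version):
    """Return finding codes for the given config text and loaded Xdebug version."""
    findings = []
    if not xdebug_loaded(ini_text):
        return findings  # module not loaded: nothing for an attacker to talk to
    s = parse_ini(ini_text)
    remote_enable = s.get("xdebug.remote_enable", "0") in INI_TRUE
    connect_back = s.get("xdebug.remote_connect_back", "0") in INI_TRUE

    if remote_enable and connect_back and parse_version(xdebug_version) < FIXED_VERSION:
        # Exactly the condition of the plugin: <= 2.5.5 plus request-chosen debugger address
        findings.append("vulnerable")
    elif connect_back:
        # Newer build, but Xdebug will still dial whatever address the request supplies
        findings.append("connect_back_enabled")

    # Xdebug 3 renamed the knobs; the same exposure exists under the new names.
    if "debug" in s.get("xdebug.mode", "") and s.get("xdebug.discover_client_host", "0") in INI_TRUE:
        findings.append("xdebug3_discover_client_host")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, "2.5.5:", audit(text, "2.5.5"), "| 2.6.0:", audit(text, "2.6.0"))
```

Run it against the ini files PHP actually loads (php --ini lists them) together with the version php -v reports for Xdebug; a clean audit still leaves the advice above standing, which is not to ship the debugger on an exposed host.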

See Also

http://www.nessus.org/u?bc8ca583

https://paper.seebug.org/397/

https://www.rapid7.com/db/modules/exploit/unix/http/xdebug_unauth_exec

Plugin Details

Severity: Critical

ID: 112210

File Name: xdebug_unauth_rce.nbin

Version: 1.50

Type: remote

Family: CGI abuses

Published: 8/31/2018

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Unauthenticated system-level access.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/a:xdebug:xdebug

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true

Patch Publication Date: 11/13/2015

Vulnerability Publication Date: 11/13/2015