The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2992 advisory.

  - php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068)

  - php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069)

  - php: URL decoding of cookie names can lead to different interpretation of cookies between browser and     server (CVE-2020-7070)

  - php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071)

  - php: NULL pointer dereference in SoapClient (CVE-2021-21702)

  - php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : rh-php73-php (RHSA-2021:2992)

medium Nessus Plugin ID 152348

Version 1.8