The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5926 advisory.

  - php: Password_verify() always return true with some hash (CVE-2023-0567)

  - php: 1-byte array overrun in common path resolve code (CVE-2023-0568)

  - php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)

  - php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP     (CVE-2023-3247)

  - php: XML loading external entity without being enabled (CVE-2023-3823)

  - php: phar Buffer mismanagement (CVE-2023-3824)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 9 : php (RHSA-2023:5926)

critical Nessus Plugin ID 183400

Version 1.2

Version 1.1

Version 1.1

Version 1.0

Version 1.0

Version 1.2 Jan 26, 2024, 11:18 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202401262318
Version 1.1 Oct 30, 2023, 4:49 PM CVSS metrics ("CVSSv2 score" changed from 7.6 to 10.0. "CVSSv2 vector" changed from "CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C". "CVSSv3 score" changed from 8.1 to 9.8. "CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSSv2 score source (changed from "CVE-2023-0568" to "CVE-2023-3824") Plugin Feed: 202310301649
Version 1.1 Jan 26, 2024, 9:00 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202401262100
Version 1.0 Oct 19, 2023, 8:16 PM New Plugin Feed: 202310192016
Version 1.0 Oct 30, 2023, 2:59 PM CVSS metrics ("CVSSv2 score" changed from 7.6 to 10.0) CVSS metrics ("CVSSv2 vector" changed from "CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" changed from 8.1 to 9.8) CVSS metrics ("CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSSv2 score source (changed from "CVE-2023-0568" to "CVE-2023-3824") Plugin Feed: 202310301459