The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5927 advisory.

  - php: Password_verify() always return true with some hash (CVE-2023-0567)

  - php: 1-byte array overrun in common path resolve code (CVE-2023-0568)

  - php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)

  - php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP     (CVE-2023-3247)

  - php: XML loading external entity without being enabled (CVE-2023-3823)

  - php: phar Buffer mismanagement (CVE-2023-3824)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : php:8.0 (RHSA-2023:5927)

critical Nessus Plugin ID 183435

Version 1.3

Version 1.2

Version 1.1

Version 1.1

Version 1.0

Version 1.0

Version 1.3 Apr 28, 2024, 2:25 PM Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404281425
Version 1.2 Jan 26, 2024, 11:18 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202401262318
Version 1.1 Jan 26, 2024, 9:00 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202401262100
Version 1.1 Oct 30, 2023, 4:49 PM CVSSv2 score source (changed from "CVE-2023-0568" to "CVE-2023-3824") CVSS metrics ("CVSSv2 score" changed from 7.6 to 10.0. "CVSSv2 vector" changed from "CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C". "CVSSv3 score" changed from 8.1 to 9.8. "CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") Plugin Feed: 202310301649
Version 1.0 Oct 20, 2023, 4:14 AM New Plugin Feed: 202310200414
Version 1.0 Oct 30, 2023, 2:59 PM CVSS metrics ("CVSSv3 score" changed from 8.1 to 9.8) CVSS metrics ("CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSSv2 score source (changed from "CVE-2023-0568" to "CVE-2023-3824") CVSS metrics ("CVSSv2 score" changed from 7.6 to 10.0) CVSS metrics ("CVSSv2 vector" changed from "CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") Plugin Feed: 202310301459