The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3997 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3997-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                           Chris Lamb     December 21, 2024                             https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : php-laravel-framework     Version        : 6.20.14+dfsg-2+deb11u2     CVE ID         : CVE-2024-52301     Debian Bug     : 1088189

    It was discovered that there was a remotely exploitable vulnerability     in php-laravel-framework, a popular web application framework written     in PHP.

    When the register_argc_argv php directive was set to on and users     called a URL with a specially-crafted query string, they were able to     change the environment used by the framework when handling the     request.

    Laravel now ignores argv values for environment detection on non-CLI     APIs.

    For Debian 11 bullseye, this problem has been fixed in version     6.20.14+dfsg-2+deb11u2.

    We recommend that you upgrade your php-laravel-framework packages.

    For the detailed security status of php-laravel-framework please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/php-laravel-framework

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3997 : php-illuminate-auth - security update

high Nessus Plugin ID 213314

Version 1.2

Version 1.1

Version 1.2 Aug 26, 2025, 5:34 PM CVSS metrics ("CVSSv2 score" set to 7.8) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N") CVSSv2 severity (based on CVE-2024-52301, severity increased from "Medium" to "High") Plugin Feed: 202508261734
Version 1.1 Dec 21, 2024, 8:22 PM New Plugin Feed: 202412212022