Detections
Analytics

TencentOS Server 3: php:8.2 (TSSA-2024:1122)

high Nessus Plugin ID 239084

Synopsis

The remote TencentOS Server 3 host is missing one or more security updates.

Description

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1122 advisory.

 Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

 CVE-2024-2756:
 Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a
 __Host-or __Secure-cookie by PHP applications.


 CVE-2024-3096:
 In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, ifa password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.



 CVE-2024-5458:
 In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs(FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.

 CVE-2024-8925:
 In PHP versions8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed.
 This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.

 CVE-2024-8927:
 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead tocgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.

 CVE-2024-9026:
 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it isconfigured to catch workers output through catch_workers_output = yes,it may be possible to pollute the final log orremove up to 4 characters from the log messages by manipulating log message content. Additionally, ifPHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://mirrors.tencent.com/tlinux/errata/tssa-20241122.xml

Plugin Details

Severity: High

ID: 239084

File Name: tencentos_TSSA_2024_1122.nasl

Version: 1.3

Type: local

Published: 6/16/2025

Updated: 12/4/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2024-8927

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:tencent:tencentos_server:php-pecl-zip, p-cpe:/a:tencent:tencentos_server:php-pecl-apcu, p-cpe:/a:tencent:tencentos_server:php-pear, p-cpe:/a:tencent:tencentos_server:php-pecl-rrd, cpe:/o:tencent:tencentos_server:3, p-cpe:/a:tencent:tencentos_server:php-pecl-xdebug3, p-cpe:/a:tencent:tencentos_server:libzip, p-cpe:/a:tencent:tencentos_server:php

Required KB Items: Host/local_checks_enabled, Host/etc/os-release, Host/TencentOS/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/11/2024

Vulnerability Publication Date: 12/11/2024

Reference Information

CVE: CVE-2024-2756, CVE-2024-3096, CVE-2024-5458, CVE-2024-8925, CVE-2024-8927, CVE-2024-9026