Detections
Analytics

TencentOS Server 3: php:8.2 (TSSA-2025:0824)

high Nessus Plugin ID 271146

Synopsis

The remote TencentOS Server 3 host is missing one or more security updates.

Description

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0824 advisory.

 Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

 CVE-2024-8929:
 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

 CVE-2024-11233:
 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error inconvert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

 CVE-2024-11234:
 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and request_fulluri option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.

 CVE-2025-1217:
 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.

 CVE-2025-1219:
 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content- typeheader is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.

 CVE-2025-1734:
 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.

 CVE-2025-1736:
 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.

 CVE-2025-1861:
 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://mirrors.tencent.com/tlinux/errata/tssa-20250824.xml

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8929

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11233

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11234

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1217

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1219

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1734

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1736

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1861

Plugin Details

Severity: High

ID: 271146

File Name: tencentos_TSSA_2025_0824.nasl

Version: 1.1

Type: local

Published: 10/22/2025

Updated: 10/22/2025

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:tencent:tencentos_server:libzip, p-cpe:/a:tencent:tencentos_server:php, p-cpe:/a:tencent:tencentos_server:php-pecl-zip, cpe:/o:tencent:tencentos_server:3, p-cpe:/a:tencent:tencentos_server:php-pecl-apcu, p-cpe:/a:tencent:tencentos_server:php-pecl-xdebug3, p-cpe:/a:tencent:tencentos_server:php-pear, p-cpe:/a:tencent:tencentos_server:php-pecl-rrd

Required KB Items: Host/local_checks_enabled, Host/etc/os-release, Host/TencentOS/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 9/11/2025

Vulnerability Publication Date: 9/11/2025