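According to its banner, the version of PHP installed on the remote host is older than 5.2.1. Such versions may be affected by several issues, including buffer overflows, format string vulnerabilities, arbitrary code execution, ‘safe_mode’ and ‘open_basedir’ bypasses, and clobbering of super-globals. Because the finding rests only on the reported version string, verify the installed package version before treating it as confirmed, particularly where a distribution backports fixes.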
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# Stop immediately on interpreters that report NASL_LEVEL below 3000.
# NOTE(review): the header above declares NASL_MIN_LEVEL 70300, so this
# older guard is presumably kept for legacy engines - confirm.
if (NASL_LEVEL < 3000) exit(0);
# Shared include files; their contents are not shown on this page.
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration pass: when 'description' is set, the script only declares
# its metadata and exits before any check runs.
if (description)
{
  # Plugin identity and revision.
  script_id(24907);
  script_version("1.29");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  # Advisories attributed to this plugin. All of them are reported from
  # one version comparison; none is tested individually.
  script_cve_id(
    "CVE-2006-6383", "CVE-2007-0905", "CVE-2007-0906", "CVE-2007-0907",
    "CVE-2007-0908", "CVE-2007-0909", "CVE-2007-0910", "CVE-2007-0988",
    "CVE-2007-1376", "CVE-2007-1380", "CVE-2007-1383", "CVE-2007-1452",
    "CVE-2007-1453", "CVE-2007-1454", "CVE-2007-1700", "CVE-2007-1701",
    "CVE-2007-1824", "CVE-2007-1825", "CVE-2007-1835", "CVE-2007-1884",
    "CVE-2007-1885", "CVE-2007-1886", "CVE-2007-1887", "CVE-2007-1889",
    "CVE-2007-1890", "CVE-2007-4441", "CVE-2007-4586"
  );
  script_bugtraq_id(
    21508, 22496, 22805, 22806, 22862,
    22922, 23119, 23120, 23219, 23233,
    23234, 23235, 23236, 23237, 23238
  );

  # Text shown in the scan report. The string bodies stay at column 0
  # because their line breaks and spacing are part of the value.
  script_name(english:"PHP < 5.2.1 Multiple Vulnerabilities");
  script_set_attribute(attribute:"synopsis", value:
"The remote web server uses a version of PHP that is affected by
multiple flaws.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP installed on the remote
host is older than 5.2.1. Such versions may be affected by several
issues, including buffer overflows, format string vulnerabilities,
arbitrary code execution, 'safe_mode' and 'open_basedir' bypasses, and
clobbering of super-globals.");
  script_set_attribute(attribute:"see_also", value:"http://www.php.net/releases/5_2_1.php");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 5.2.1 or later.");

  # Risk rating. The CVSS v2 base vector reads: network reachable, low
  # complexity, no authentication, partial impact on confidentiality,
  # integrity and availability.
  # NOTE(review): the temporal vector carries E:POC while
  # "exploit_available" below is "false" - confirm which one is intended.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 119, 189, 399);

  # Disclosure, fix and plugin publication dates.
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/02");

  # Classification of the check itself.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.");

  # Scheduling: depends on php_version.nasl and requires the "www/PHP"
  # KB key and a web service port.
  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("audit.inc");
include("webapp_func.inc");
# Select the HTTP port to examine (default 80) and load the PHP install
# recorded for it in the KB. The lookup is called with exit_on_fail:TRUE.
port = get_http_port(default:80, php:TRUE);
install = get_php_from_kb(port:port, exit_on_fail:TRUE);
version = install["ver"];
source = install["src"];

# An install flagged as backported in the KB is audited out unless the
# scan runs with report_paranoia of 2 or higher, since its version string
# alone does not show which fixes are present.
is_backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
if (is_backported && report_paranoia < 2)
  audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");

# The verdict rests only on the version string; no individual flaw is
# probed. Matched range: 5.0.x, 5.1.x, and 5.2.0 with or without a
# non-digit suffix.
# NOTE(review): version strings outside the 5.x line (for example 4.x)
# take the not-vulnerable branch although the plugin is named
# "PHP < 5.2.1" - presumably covered by separate plugins; confirm.
if (!(version =~ "^5\.[01]\." || version =~ "^5\.2\.0($|[^0-9])"))
  audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
else
{
  if (report_verbosity <= 0)
    security_hole(port);
  else
  {
    # Give the analyst the evidence needed to verify the finding: where
    # the version was read from, what it was, and the fixed release.
    report =
      '\n Version source : '+source +
      '\n Installed version : '+version+
      '\n Fixed version : 5.2.1\n';
    security_hole(port:port, extra:report);
  }
  exit(0);
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6383
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0905
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1376
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1380
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1383
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1452
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1700
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1701
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1824
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1825
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1835
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1884
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1885
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1886
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1887
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1889
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1890
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4441
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4586
www.php.net/releases/5_2_1.php