Lucene search

K
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.PHP_7_4_3.NASL
HistoryFeb 28, 2020 - 12:00 a.m.

PHP 7.2.x < 7.2.28 / PHP 7.3.x < 7.3.15 / 7.4.x < 7.4.3 Multiple Vulnerabilities

2020-02-2800:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
86

7.7 High

AI Score

Confidence

High

According to its banner, the version of PHP running on the remote web server is either 7.2.x prior to 7.2.28, 7.3.x prior to 7.3.15, or 7.4.x prior to 7.4.3. It is, therefore, affected by multiple vulnerabilities:

  • A heap-based buffer overflow condition exists in phar_extract_file() function due to incorrect loop termination. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2020-7061)

  • A denial of service (DoS) vulnerability exists in PHP SessionUpload Progress functions due to Null Pointer Dereference. An unauthenticated, remote attacker can exploit this issue to cause the php service to stop responding. (CVE-2020-7062)

  • An Insecure File Permissions on the buildFromIterator function gives all access permission to Tar files. (CVE-2020-7063)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(134162);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/25");

  script_cve_id("CVE-2020-7061", "CVE-2020-7062", "CVE-2020-7063");

  script_name(english:"PHP 7.2.x < 7.2.28 / PHP 7.3.x < 7.3.15 / 7.4.x < 7.4.3 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The version of PHP running on the remote web server is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP running on the remote web
server is either 7.2.x prior to 7.2.28, 7.3.x prior to 7.3.15, or 
7.4.x prior to 7.4.3. It is, therefore, affected by multiple vulnerabilities:

  - A heap-based buffer overflow condition exists in phar_extract_file() 
    function due to incorrect loop termination. An unauthenticated, remote 
    attacker can exploit this to cause a denial of service condition or the 
    execution of arbitrary code. (CVE-2020-7061)

  - A denial of service (DoS) vulnerability exists in PHP SessionUpload 
    Progress functions due to Null Pointer Dereference. An unauthenticated,
    remote attacker can exploit this issue to cause the php service to stop
    responding. (CVE-2020-7062)
    
 - An Insecure File Permissions on the buildFromIterator function gives all 
    access permission to Tar files. (CVE-2020-7063)");
  script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.2.28");
  script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.3.15");
  script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.4.3");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 7.2.28, 7.3.15, 7.4.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7061");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/02/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP", "installed_sw/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}
include('http.inc');
include('vcf.inc');
include('audit.inc');

port = get_http_port(default:80, php:TRUE);
app_info = vcf::get_app_info(app:'PHP', port:port, webapp:TRUE);

backported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');

if ((report_paranoia < 2) && backported) audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');

constraints = [
    {'min_version':'7.2.0alpha1', 'fixed_version':'7.2.28'},
    {'min_version':'7.3.0alpha1', 'fixed_version':'7.3.15'},
    {'min_version':'7.4.0alpha1', 'fixed_version':'7.4.3'}
    ];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersion
phpphp

7.7 High

AI Score

Confidence

High

Related for PHP_7_4_3.NASL