Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2021-0126-1.NASLHistoryJan 15, 2021 - 12:00 a.m.
SUSE SLES12 Security Update : php74 (SUSE-SU-2021:0126-1)
2021-01-1500:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
suse sles12
security update
php74
cve-2020-7071
parse_url
suse-su-2021:0126-1
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
5.9
Confidence
High
EPSS
0.006
Percentile
77.7%
This update for php74 fixes the following issue :
CVE-2020-7071: Fixed an insufficient filter in parse_url() that accepted URLs with invalid userinfo (bsc#1180706).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2021:0126-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(145019);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/30");
script_cve_id("CVE-2020-7071");
script_xref(name:"IAVA", value:"2021-A-0009-S");
script_name(english:"SUSE SLES12 Security Update : php74 (SUSE-SU-2021:0126-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for php74 fixes the following issue :
CVE-2020-7071: Fixed an insufficient filter in parse_url() that
accepted URLs with invalid userinfo (bsc#1180706).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1180706");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-7071/");
# https://www.suse.com/support/update/announcement/2021/suse-su-20210126-1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cfadd571");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12-SP5 :
zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-126=1
SUSE Linux Enterprise Module for Web Scripting 12 :
zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-126=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7071");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/02/15");
script_set_attribute(attribute:"patch_publication_date", value:"2021/01/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php74");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php74-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-bcmath-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-bz2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-bz2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-calendar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-calendar-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-ctype");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-ctype-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-curl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-dba-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-dom");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-dom-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-enchant-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-exif");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-exif-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-fastcgi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-fastcgi-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-fileinfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-fileinfo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-fpm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-ftp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-ftp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-gd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-gettext");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-gettext-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-gmp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-iconv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-iconv-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-intl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-json-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-ldap-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-mbstring-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-mysql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-odbc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-opcache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-opcache-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-openssl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-pcntl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-pcntl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-pdo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-pgsql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-phar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-phar-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-posix");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-posix-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-readline");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-readline-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-shmop");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-shmop-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-snmp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-soap-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-sockets");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-sockets-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-sodium");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-sodium-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-sqlite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-sqlite-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-sysvmsg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-sysvmsg-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-sysvsem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-sysvsem-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-sysvshm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-sysvshm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-tidy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-tidy-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-tokenizer");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-tokenizer-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-xmlreader");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-xmlreader-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-xmlrpc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-xmlwriter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-xmlwriter-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-xsl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-xsl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-zip-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-zlib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php74-zlib-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php74-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php74-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-bcmath-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-bcmath-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-bz2-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-bz2-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-calendar-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-calendar-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-ctype-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-ctype-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-curl-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-curl-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-dba-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-dba-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-debugsource-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-dom-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-dom-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-enchant-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-enchant-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-exif-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-exif-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-fastcgi-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-fastcgi-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-fileinfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-fileinfo-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-fpm-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-fpm-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-ftp-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-ftp-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-gd-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-gd-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-gettext-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-gettext-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-gmp-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-gmp-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-iconv-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-iconv-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-intl-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-intl-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-json-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-json-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-ldap-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-ldap-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-mbstring-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-mbstring-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-mysql-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-mysql-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-odbc-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-odbc-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-opcache-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-opcache-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-openssl-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-openssl-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-pcntl-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-pcntl-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-pdo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-pdo-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-pgsql-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-pgsql-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-phar-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-phar-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-posix-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-posix-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-readline-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-readline-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-shmop-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-shmop-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-snmp-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-snmp-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-soap-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-soap-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-sockets-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-sockets-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-sodium-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-sodium-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-sqlite-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-sqlite-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-sysvmsg-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-sysvmsg-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-sysvsem-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-sysvsem-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-sysvshm-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-sysvshm-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-tidy-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-tidy-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-tokenizer-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-tokenizer-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-xmlreader-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-xmlreader-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-xmlrpc-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-xmlrpc-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-xmlwriter-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-xmlwriter-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-xsl-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-xsl-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-zip-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-zip-debuginfo-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-zlib-7.4.6-1.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php74-zlib-debuginfo-7.4.6-1.16.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php74");
}
Related
nessus
nessus
openSUSE Security Update : php7 (openSUSE-2021-106)
2021-01-25 00:00:00
Fedora 32 : php (2021-ca0e53d310)
2021-01-20 00:00:00
PHP 7.3.x < 7.3.26 / 7.4.x < 7.4.14 / 8.x < 8.0.1 Input Validation Error
2021-01-14 00:00:00
archlinux
archlinux
[ASA-202101-9] php: insufficient validation
2021-01-12 00:00:00
[ASA-202107-15] php: multiple issues
2021-07-06 00:00:00
[ASA-202107-16] php7: multiple issues
2021-07-06 00:00:00
openvas
openvas
PHP < 7.3.26, 7.4.x < 7.4.14, 8.0.x < 8.0.1 Filter Vulnerability (Jan 2021) - Linux
2021-01-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0126-1)
2021-06-09 00:00:00
Fedora: Security Advisory for php (FEDORA-2021-ca0e53d310)
2021-01-16 00:00:00
nvd
nvd
CVE-2020-7071
2021-02-15 04:15:12
fedora
fedora
[SECURITY] Fedora 33 Update: php-7.4.14-1.fc33
2021-01-14 01:40:08
[SECURITY] Fedora 32 Update: php-7.4.14-1.fc32
2021-01-16 01:23:34
osv
osv
CVE-2020-7071
2021-02-15 04:15:12
BIT-php-2020-7071
2024-03-06 11:05:46
php5, php7.0 vulnerabilities
2021-07-13 12:01:13
cve
cve
CVE-2020-7071
2021-02-15 04:15:12
alpinelinux
alpinelinux
CVE-2020-7071
2021-02-15 04:15:12
veracode
veracode
Privilege Escalation
2021-01-07 17:05:16
cbl_mariner
cbl_mariner
CVE-2020-7071 affecting package php 7.4.14-3
2024-09-28 21:12:13
ubuntucve
ubuntucve
CVE-2020-7071
2021-02-15 00:00:00
debiancve
debiancve
CVE-2020-7071
2021-02-15 04:15:12
mageia
mageia
Updated php packages fix security vulnerability
2021-01-14 18:13:25
cvelist
cvelist
CVE-2020-7071 FILTER_VALIDATE_URL accepts URLs with invalid userinfo
2021-02-15 04:10:16
suse
suse
Security update for php7 (moderate)
2021-01-17 00:00:00
Security update for php7 (moderate)
2021-01-18 00:00:00
prion
prion
Design/Logic Flaw
2021-02-15 04:15:00
redhatcve
redhatcve
CVE-2020-7071
2021-01-07 17:44:44
gentoo
gentoo
PHP: Multiple vulnerabilities
2021-05-26 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2021-07-13 00:00:00
PHP vulnerabilities
2021-07-07 00:00:00
almalinux
almalinux
Moderate: php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
debian
debian
[SECURITY] [DLA 2708-1] php7.0 security update
2021-07-15 13:01:58
[SECURITY] [DSA 4856-1] php7.3 security update
2021-02-17 22:08:33
oraclelinux
oraclelinux
php:7.4 security, bug fix, and enhancement update
2021-11-16 00:00:00
redhat
redhat
rocky
rocky
php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
5.9
Confidence
High
EPSS
0.006
Percentile
77.7%
Related for SUSE_SU-2021-0126-1.NASL