In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949)

  - Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not     blocked. (CVE-2020-28948)

  - Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate     checking of symbolic links, a related issue to CVE-2020-28948. (CVE-2020-36193)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

This plugin has been deprecated as it does not adhere to established standards for this style of check.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7628 advisory.

  - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing     functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains     URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus     interpreting the filename differently from what the user intended, which may lead it to reading a     different file than intended. (CVE-2021-21707)

  - In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions     with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to     trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of     other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
    (CVE-2021-21708)

  - In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different     vulnerability than CVE-2020-36193. (CVE-2021-32610)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:3198-2 advisory.

  - In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different     vulnerability than CVE-2020-36193. (CVE-2021-32610)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7628 advisory.

    - fix password of excessive length triggers buffer overflow leading to RCE       CVE-2022-31626
    - fix SSRF bypass in FILTER_VALIDATE_URL       CVE-2021-21705
    - fix Local privilege escalation via PHP-FPM       CVE-2021-21703

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7628 advisory.

  - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing     functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains     URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus     interpreting the filename differently from what the user intended, which may lead it to reading a     different file than intended. (CVE-2021-21707)

  - In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions     with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to     trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of     other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
    (CVE-2021-21708)

  - In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different     vulnerability than CVE-2020-36193. (CVE-2021-32610)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7628 advisory.

  - php: Special character breaks path in xml parsing (CVE-2021-21707)

  - php: Use after free due to php_filter_float() failing for ints (CVE-2021-21708)

  - php-pear: Directory traversal vulnerability (CVE-2021-32610)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7628 advisory.

    PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

    The following packages have been upgraded to a later upstream version: php (7.4.30), php-pear (1.10.13).
    (BZ#2055422)

    Security Fix(es):

    * php: Special character breaks path in xml parsing (CVE-2021-21707)

    * php: Use after free due to php_filter_float() failing for ints (CVE-2021-21708)

    * php-pear: Directory traversal vulnerability (CVE-2021-32610)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3198-1 advisory.

  - In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different     vulnerability than CVE-2020-36193. (CVE-2021-32610)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the php-pear package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different     vulnerability than CVE-2020-36193. (CVE-2021-32610)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of php-pear installed on the remote host is prior to 1.10.12-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1708 advisory.

  - Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate     checking of symbolic links, a related issue to CVE-2020-28948. (CVE-2020-36193)

  - In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different     vulnerability than CVE-2020-36193. (CVE-2021-32610)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5027-2 advisory.

    USN-5027-1 fixed a vulnerability in PEAR. This update provides the corresponding update for Ubuntu 16.04     ESM.



Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5027-1 advisory.

    It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could     possibly use this issue to execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.82, 8.9.x prior to 8.9.17, 9.1.x prior to 9.1.11 or 9.2.x prior to 9.2.2. It is, therefore, affected by a vulnerability due to the PEAR Archive_Tar library used by Drupal.

The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.82, 8.9.x prior to 8.9.17, 9.1.x prior to 9.1.11, or 9.2.x prior to 9.2.2. It is, therefore, affected by a vulnerability.

  - The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts     Drupal. The vulnerability is mitigated by the fact that Drupal core's use of the Archive_Tar library is     not vulnerable, as it does not permit symlinks. Exploitation may be possible if contrib or custom code     uses the library to extract tar archives (for example .tar, .tar.gz, .bz2, or .tlz) which come from a     potentially untrusted source. This advisory is not covered by Drupal Steward. (CVE-2021-32610)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
202472	RHEL 8 : php-pear (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
196109	RHEL 6 : php-pear (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	high
196107	RHEL 7 : php-pear (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	high
184576	Rocky Linux 8 : php:7.4 (RLSA-2022:7628)	Nessus	Rocky Linux Local Security Checks	critical
171196	openSUSE 15 Security Update : php8-pear (SUSE-SU-2022:3198-2)	Nessus	SuSE Local Security Checks	high
167528	Oracle Linux 8 : php:7.4 (ELSA-2022-7628)	Nessus	Oracle Linux Local Security Checks	critical
167429	AlmaLinux 8 : php:7.4 (ALSA-2022:7628)	Nessus	Alma Linux Local Security Checks	critical
167186	CentOS 8 : php:7.4 (CESA-2022:7628)	Nessus	CentOS Local Security Checks	critical
167091	RHEL 8 : php:7.4 (RHSA-2022:7628)	Nessus	Red Hat Local Security Checks	critical
164903	SUSE SLES15 Security Update : php8-pear (SUSE-SU-2022:3198-1)	Nessus	SuSE Local Security Checks	high
153637	EulerOS 2.0 SP8 : php-pear (EulerOS-SA-2021-2480)	Nessus	Huawei Local Security Checks	high
153424	Amazon Linux 2 : php-pear (ALAS-2021-1708)	Nessus	Amazon Linux Local Security Checks	high
152229	Ubuntu 16.04 ESM : PEAR vulnerability (USN-5027-2)	Nessus	Ubuntu Local Security Checks	high
152143	Ubuntu 18.04 LTS / 20.04 LTS : PEAR vulnerability (USN-5027-1)	Nessus	Ubuntu Local Security Checks	high
112919	Drupal 7.x < 7.82 Third-Party Library Vulnerability	Web App Scanning	Component Vulnerability	high
112918	Drupal 8.9.x < 8.9.17 Third-Party Library Vulnerability	Web App Scanning	Component Vulnerability	high
112917	Drupal 9.1.x < 9.1.11 Third-Party Library Vulnerability	Web App Scanning	Component Vulnerability	high
112916	Drupal 9.2.x < 9.2.2 Third-Party Library Vulnerability	Web App Scanning	Component Vulnerability	high
151932	Drupal 7.x < 7.82 / 8.9.x < 8.9.17 / 9.1.x < 9.1.11 / 9.2.x < 9.2.2 Drupal Vulnerability (SA-CORE-2021-004)	Nessus	CGI abuses	high

Detections

Analytics

CVE-2021-32610

high

Tenable Plugins

high

high

high

critical

high

critical

critical

critical

critical

high

high

high

high

high

high

high

high

high

high