guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6670-1 advisory.

    It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could     possibly use these issues to perform an HTTP header injection attack.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.16 or 9.3.x prior to 9.3.9. It is, therefore, affected by a vulnerability.

  - guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to     improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The     issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds. (CVE-2022-24775)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.16 or 9.3.x prior to 9.3.9. It is, therefore, affected by an improper header parsing due to its usage of a third party component, Guzzle library for handling HTTP requests and responses to external services. An attacker could sneak in a new line character and pass untrusted values.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
191432	Ubuntu 20.04 LTS / 22.04 LTS : php-guzzlehttp-psr7 vulnerabilities (USN-6670-1)	Nessus	Ubuntu Local Security Checks	high
159145	Drupal 9.2.x < 9.2.16 / 9.3.x < 9.3.9 Drupal Vulnerability (SA-CORE-2022-006)	Nessus	CGI abuses	high
113209	Drupal 9.2.x < 9.2.16 Third-Party Library Vulnerability	Web App Scanning	Component Vulnerability	high
113208	Drupal 9.3.x < 9.3.9 Third-Party Library Vulnerability	Web App Scanning	Component Vulnerability	high

Detections

Analytics

CVE-2022-24775

high

Tenable Plugins

high

high

high

high