The version of php72 installed on the remote host is prior to 7.2.26-1.19. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1921 advisory.

    2024-02-28: CVE-2019-11045 was added to this advisory.

    2024-02-28: CVE-2019-11049 was added to this advisory.

    2024-02-28: CVE-2019-11044 was added to this advisory.

    2024-02-28: CVE-2019-11046 was added to this advisory.

    2024-02-28: CVE-2019-11047 was added to this advisory.

    2024-02-28: CVE-2019-11050 was added to this advisory.

    A flaw was discovered in the link function in PHP.  When compiled on Windows, it does not correctly handle     paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths.
    (CVE-2019-11044)

    In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts     filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security     vulnerabilities, e.g. in applications checking paths that the code is allowed to access. (CVE-2019-11045)

    In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some     systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with     string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can     read to disclosure of the content of some memory locations. (CVE-2019-11046)

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in     PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what     will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
    (CVE-2019-11047)

    In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function,     due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in     lowercase, this can result in double-freeing certain memory locations. (CVE-2019-11049)

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in     PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what     will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
    (CVE-2019-11050)

    cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements,     which allows a heap-based buffer overflow (4-byte out-of-bounds write). (CVE-2019-18218)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux AMI : php72 (ALAS-2024-1921)

critical Nessus Plugin ID 190708

Version 1.3

Version 1.2

Version 1.2

Version 1.1

Version 1.3 Mar 5, 2024, 5:50 PM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202403051750
Version 1.2 Mar 5, 2024, 7:01 AM CVE (set "CVE" coverage to "CVE-2019-11044,CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11049,CVE-2019-11050,CVE-2019-18218") CVSS metrics ("CVSSv2 score" set to 7.5. "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P". "CVSSv3 score" set to 9.8. "CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSSv2 score source (changed from "CVE-2019-18218" to "CVE-2019-11049") CVSSv2 severity (based on CVE-2019-11049, severity increased from "Medium" to "High") Exploit attributes ("Exploitability ease" changed from "Exploits are available" to "No known exploits are available") Plugin metadata Plugin Feed: 202403050701
Version 1.2 Mar 5, 2024, 2:40 PM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202403051440
Version 1.1 Feb 20, 2024, 3:54 PM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202402201554