The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554)

  - php: Uninitialized read in exif_process_IFD_in_TIFF (CVE-2019-9641)

  - The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a     valid network IP address, which allows remote attackers to obtain network information and facilitate other     attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0.
    NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way     that is similar to strcpy's role in buffer overflows, in which case this would be a class of     implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a     security-relevant manner. (CVE-2006-4023)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

Detections

Analytics

RHEL 6 : php (Unpatched Vulnerability)

critical Nessus Plugin ID 198558

Version 1.8

Version 1.6

Version 1.5

Version 1.4

Version 1.2

Version 1.1

Version 1.8 Oct 24, 2024, 2:46 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202410241446
Version 1.6 Oct 9, 2024, 6:56 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202410090656
Version 1.5 Oct 8, 2024, 5:16 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202410080516
Version 1.4 Jul 15, 2024, 7:53 AM Exploit attributes ("Exploit framework metasploit" set to "True") Plugin Feed: 202407150753
Version 1.2 Jun 4, 2024, 8:32 AM Exploit attributes ("Exploit framework metasploit" set to "True") Plugin Feed: 202406040832
Version 1.1 Jun 4, 2024, 3:18 AM New Plugin Feed: 202406040318