The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7049-1 advisory.

    It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could     possibly use this issue to inject payloads and cause PHP to ignore legitimate data. (CVE-2024-8925)

    It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to     environment variable collisions. In certain configurations, an attacker could possibly use this issue     bypass force_redirect restrictions. (CVE-2024-8927)

    It was discovered that PHP-FPM incorrectly handled logging. A remote attacker could possibly use this     issue to alter and inject arbitrary contents into log files. This issue only affected Ubuntu 22.04 LTS,     and Ubuntu 24.04 LTS. (CVE-2024-9026)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : PHP vulnerabilities (USN-7049-1)

high Nessus Plugin ID 207997

Version 1.4