Detections
Analytics
PHP 5.6.0 Multiple Vulnerabilities
high Nessus Plugin ID 78556
Language:
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilitiesDescription
According to its banner, the version of PHP installed on the remote host is a development version of 5.6.0. It is, therefore, affected by multiple vulnerabilities.Note that Nessus has not attempted to exploit this issue but has instead relied only on application's self-reported version number.
Solution
Upgrade to the stable version of PHP 5.6.0 or later.See Also
http://www.nessus.org/u?ab45889c
Plugin Details
Severity: High
ID: 78556
File Name: php_5_6_0.nasl
Version: 1.7
Type: remote
Family: CGI abuses
Published: 10/17/2014
Updated: 5/31/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2014-3515
CVSS v3
Risk Factor: High
Base Score: 7.3
Temporal Score: 6.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:php:php
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No known exploits are available
Patch Publication Date: 6/3/2014
Vulnerability Publication Date: 5/22/2014
Reference Information
CVE: CVE-2013-6712, CVE-2013-7226, CVE-2013-7327, CVE-2013-7345, CVE-2014-0185, CVE-2014-0207, CVE-2014-0236, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3981, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-5120
BID: 64018, 65533, 65596, 65668, 66002, 66233, 66406, 67118, 67759, 67765, 67837, 68007, 68120, 68237, 68238, 68239, 68241, 68243, 68348, 68423, 68511, 68513, 69322, 69325, 69375, 90957