CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
97.3%
According to its banner, the version of PHP installed on the remote host is older than 4.4.8. Such versions may be affected by several issues, including integer overflows involving the ‘chunk_split’, ‘strcspn’, and ‘strspn’ functions, and ‘safe_mode’ / ‘open_basedir’ bypasses.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(29833);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/31");
script_cve_id(
"CVE-2007-3378",
"CVE-2007-3799",
"CVE-2007-3997",
"CVE-2007-4657",
"CVE-2007-4658",
"CVE-2008-0145",
"CVE-2008-2108"
);
script_bugtraq_id(24661, 49631);
script_name(english:"PHP < 4.4.8 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote web server uses a version of PHP that is affected by
multiple issues.");
script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP installed on the remote
host is older than 4.4.8. Such versions may be affected by several
issues, including integer overflows involving the 'chunk_split',
'strcspn', and 'strspn' functions, and 'safe_mode' / 'open_basedir'
bypasses.");
script_set_attribute(attribute:"see_also", value:"http://www.php.net/releases/4_4_8.php");
script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 4.4.8 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 119, 189, 264);
script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/30");
script_set_attribute(attribute:"patch_publication_date", value:"2008/01/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/03");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2008-2024 Tenable Network Security, Inc.");
script_dependencies("php_version.nasl");
script_require_keys("www/PHP");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("audit.inc");
include("webapp_func.inc");
port = get_http_port(default:80, php:TRUE);
php = get_php_from_kb(
port : port,
exit_on_fail : TRUE
);
version = php["ver"];
source = php["src"];
backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
if (report_paranoia < 2 && backported)
audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
if (version =~ "^3\.|4\.[0-3]\." ||
version =~ "^4\.4\.[0-7]($|[^0-9])"
)
{
if (report_verbosity > 0)
{
report =
'\n Version source : '+source +
'\n Installed version : '+version+
'\n Fixed version : 4.4.8\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
www.php.net/releases/4_4_8.php
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
97.3%