PHP End Of Life Detection (Linux)

Published: 2016-09-15 05:00:00

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
The PHP version on the remote host has reached the end of life and should not be used anymore.

Impact:
An end of life version of PHP is not receiving any security updates from the vendor. Unfixed security vulnerabilities might be leveraged by an attacker to compromise the security of this host.

Technical Details:
Each release branch of PHP is fully supported for two years from its initial stable release. During this period, reported bugs and security issues are fixed and shipped in regular point releases. After this two-year period of active support, each branch is supported for an additional year for critical security issues only. Releases during this period are made on an as-needed basis: there may be multiple point releases, or none, depending on the number of reports. Once the three years of support are completed, the branch reaches its end of life and is no longer supported.

Recommendations:
Update the PHP version on the remote host to a version that is still supported.

Detection Method:
Checks if a vulnerable version is present on the target host.

Solution Type:
Vendor Patch

Detection Type:
Remote Banner Unreliable
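
The support windows described under Technical Details, applied to a PHP version read from HTTP response headers, as an added example (not the scanner's own code). The header parsing, the function names and the release dates in `SAMPLE_RELEASES` are assumptions constructed for illustration; real release dates come from the pages listed under References.

```python
import re
from datetime import date

PHP_BANNER = re.compile(r"\bPHP/(\d+)\.(\d+)")

# Constructed sample data, NOT real PHP release dates: initial stable release
# per branch. Take real dates from the vendor pages the entry references.
SAMPLE_RELEASES = {(5, 6): date(2013, 1, 1), (7, 0): date(2015, 1, 1)}


def add_years(d, years):
    """Same calendar day `years` later (29 Feb falls back to 28 Feb)."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def support_phase(initial_release, today):
    """Phase under the stated policy: 2 years active, 1 more security-only."""
    if today < initial_release:
        return "unreleased"
    if today < add_years(initial_release, 2):
        return "active"
    if today < add_years(initial_release, 3):
        return "security-only"
    return "end-of-life"


def php_branch(headers):
    """Return the (major, minor) advertised in response headers, or None."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("x-powered-by", "server"):
        m = PHP_BANNER.search(lowered.get(name, ""))
        if m:
            return int(m.group(1)), int(m.group(2))
    return None


def assess(headers, releases, today):
    """Classify a host from its banner alone; a missing banner proves nothing."""
    branch = php_branch(headers)
    if branch is None:
        return None, "no-banner"
    if branch not in releases:
        return branch, "unknown-branch"
    return branch, support_phase(releases[branch], today)
```

A banner can be suppressed, or left unchanged by a distribution that backports fixes, so treat the result as a lead to confirm on the host itself.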

References:

https://secure.php.net/supported-versions.php
https://secure.php.net/eol.php

Severity:
High

CVSS Score:
10.0
