Site icon API Security Blog

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : PHP vulnerabilities (USN-7049-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7049-1 advisory. It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. (CVE-2024-8925) It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions. (CVE-2024-8927) It was discovered that PHP-FPM incorrectly handled logging. A remote attacker could possibly use this issue to alter and inject arbitrary contents into log files. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-9026) Tenable has extracted the preceding description block directly from the Ubuntu security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version…Read More

Exit mobile version