API Security Blog

Azure Linux 3.0 Security Update: php (CVE-2024-11234)

The version of php installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11234 advisory.

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with a configured proxy and the request_fulluri option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. (CVE-2024-11234)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…
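For code that must keep running on an unpatched build until the update is installed, the sketch below validates a URL before it reaches a stream context that uses a proxy with request_fulluri. It is an added example, not code from the advisory or from PHP itself, and it complements rather than replaces the upgrade. The function names, the proxy address and the sample URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: caller-side guard for URLs fetched through a proxy with
// request_fulluri enabled. Function names and sample values are hypothetical.

/** Returns true only for http(s) URLs free of control bytes and whitespace. */
function is_safe_proxy_uri(string $url): bool
{
    // Reject control characters (CR and LF included), space and DEL, so the
    // URL can never extend past the single request line it is written into.
    if (preg_match('/[\x00-\x20\x7f]/', $url) === 1) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

/** Fetches $url through $proxy, refusing URLs that fail validation. */
function fetch_via_proxy(string $url, string $proxy): string
{
    if (!is_safe_proxy_uri($url)) {
        throw new InvalidArgumentException('URL rejected before proxy request');
    }
    $context = stream_context_create([
        'http' => [
            'proxy'           => $proxy, // placeholder, e.g. tcp://proxy.example.internal:3128
            'request_fulluri' => true,   // the option named in the advisory
            'timeout'         => 5,
        ],
    ]);
    $body = file_get_contents($url, false, $context);
    if ($body === false) {
        throw new RuntimeException('Request failed');
    }
    return $body;
}

// Constructed inputs: the second contains an embedded CR/LF pair.
$samples = [
    'http://example.com/report?id=42',
    "http://example.com/report\r\nid=42",
];
foreach ($samples as $u) {
    printf("%-6s %s\n", is_safe_proxy_uri($u) ? 'allow' : 'reject', json_encode($u));
}
```

The demonstration loop only exercises the validator, so it runs without network access; fetch_via_proxy is the call site where user-influenced URLs should pass through the check.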
