The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8927 advisory. In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this May lead to arbitrary file inclusion in PHP. (CVE-2024-8927) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More
Azure Linux 3.0 Security Update: php (CVE-2024-8927)
