The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4088 advisory. ————————————————————————- Debian LTS Advisory DLA-4088-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin March 20, 2025 https://wiki.debian.org/LTS ————————————————————————- Package : php7.4 Version : 7.4.33-1+deb11u8 CVE ID : CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 CVE-2025-1861 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in HTTP request smuggling, validation bypass or denial of service. CVE-2025-1217 Tim Dsterhus discovered that the header parser of the `http` stream wrapper does not handle folded headers and passes incorrect MIME types to an attached stream notifier. CVE-2025-1219 Tim Dsterhus discovered that when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong `content-type` header is used to determine the charset when the requested resource performs a redirect. CVE-2025-1734 It was discovered that the streams HTTP wrapper does not fail for headers with invalid name and no colon,…Read More