Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-25764

Zabbix 7.2 - Nessus scan - Plugin #58987 - Critical - PHP Unsupported Version Detection

XMLWordPrintable

    • Sprint candidates
    • 0.25

      While performing a security audit of a new Zabbix install our Nessus scanner detected a critical warning regarding the PHP version in use by Zabbix.

      **
      Scan Results : 
      CRITICAL: PHP Unsupported Version Detection
      Description :
      According to its version, the installation of PHP on the remote host is no longer supported.

      Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

      Solution :
      Upgrade to a version of PHP that is currently supported.

      See Also
      http://php.net/eol.php
      https://wiki.php.net/rfc/releaseprocess

      Output

        Source              : X-Powered-By: PHP/8.0.30
        Installed version   : 8.0.30
        End of support date : 2023/11/26
        Announcement        : http://php.net/supported-versions.php
        Supported versions  : 8.1.x / 8.2.x / 8.3.x

      Hosts :
      80 / tcp / www    
      [REDACTED_IPV4_PRIVATE_ADDRESS]

      Nessus version : 
      Nessus Professional Version 10
      Version 10.0.2 (#291) LINUX
      Steps to reproduce:

      1. Deployed Zabbix Appliance in new environment.
      2. Executed basic setup, assigned IP address, reset account credentials, etc.
      3. Initiated new scan - selected Basic Network Scan, entered assigned IP address, executed scan.  
      4. Reviewed the generated Nessus report and obtained the attached, redacted screenshots (Private IP addresses and hostnames removed).  

      Result:

      Nessus flags the host as being out of date; due to our network security policies, we will be unable to deploy Zabbix into production without updating these packages.

      Expected:
      There should be no Critical-level issues in our Nessus scan results.

      FYI - this is the first case I have opened here.  If corrections are needed to the fields, etc, my apologies. 

            msunins Marks Sunins
            mkrell-tm Michael Krell
            Team B
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 2h
                2h