- Problem report
- Resolution: Fixed
- Trivial
- 7.2.0
- None
- Sprint candidates
- 0.25

While performing a security audit of a new Zabbix install our Nessus scanner detected a critical warning regarding the PHP version in use by Zabbix.
Scan Results :
CRITICAL: PHP Unsupported Version Detection
Description :
According to its version, the installation of PHP on the remote host is no longer supported.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Solution :
Upgrade to a version of PHP that is currently supported.
See Also
http://php.net/eol.php
https://wiki.php.net/rfc/releaseprocess
Output
Source : X-Powered-By: PHP/8.0.30
Installed version : 8.0.30
End of support date : 2023/11/26
Announcement : http://php.net/supported-versions.php
Supported versions : 8.1.x / 8.2.x / 8.3.x
Hosts :
80 / tcp / www
[REDACTED_IPV4_PRIVATE_ADDRESS]
Nessus version :
Nessus Professional Version 10
Version 10.0.2 (#291) LINUX
Steps to reproduce:
- Deployed Zabbix Appliance in new environment.
- Executed basic setup, assigned IP address, reset account credentials, etc.
- Initiated new scan - selected Basic Network Scan, entered assigned IP address, executed scan.
- Reviewed the generated Nessus report and obtained the attached, redacted screenshots (Private IP addresses and hostnames removed).
Result:
Nessus flags the host as being out of date; due to our network security policies, we will be unable to deploy Zabbix into production without updating these packages.
Expected:
There should be no Critical-level issues in our Nessus scan results.
FYI - this is the first case I have opened here. If corrections are needed to the fields, etc, my apologies.