[ZBX-25764] Zabbix 7.2 - Nessus scan - Plugin #58987 - Critical - PHP Unsupported Version Detection Created: 2024 Dec 18  Updated: 2025 Jan 16  Resolved: 2025 Jan 16

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Appliance (L)
Affects Version/s: 7.2.0
Fix Version/s: 6.0.38rc1, 7.0.9rc1, 7.2.3rc1, 7.4.0alpha1

Type: Problem report Priority: Trivial
Reporter: Michael Krell Assignee: Marks Sunins
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: 0h
Time Spent: 2h
Original Estimate: Not Specified

Attachments: PNG File Nessus-Zabbix-7.2.0_Screenshot-1-2024-12-18-111914_REDACTED.png     PNG File Nessus-Zabbix-7.2.0_Screenshot-2-2024-12-18-111914_REDACTED.png    
Team: Team B
Sprint: Sprint candidates
Story Points: 0.25

 Description   

While performing a security audit of a new Zabbix install our Nessus scanner detected a critical warning regarding the PHP version in use by Zabbix.

Scan Results : 
CRITICAL: PHP Unsupported Version Detection
Description :
According to its version, the installation of PHP on the remote host is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Solution :
Upgrade to a version of PHP that is currently supported.

See Also
http://php.net/eol.php
https://wiki.php.net/rfc/releaseprocess

Output

  Source              : X-Powered-By: PHP/8.0.30
  Installed version   : 8.0.30
  End of support date : 2023/11/26
  Announcement        : http://php.net/supported-versions.php
  Supported versions  : 8.1.x / 8.2.x / 8.3.x

Hosts :
80 / tcp / www    
[REDACTED_IPV4_PRIVATE_ADDRESS]

Nessus version : 
Nessus Professional Version 10
Version 10.0.2 (#291) LINUX

Steps to reproduce:

  1. Deployed Zabbix Appliance in new environment.
  2. Executed basic setup, assigned IP address, reset account credentials, etc.
  3. Initiated new scan - selected Basic Network Scan, entered assigned IP address, executed scan.  
  4. Reviewed the generated Nessus report and obtained the attached, redacted screenshots (Private IP addresses and hostnames removed).  

Result:

Nessus flags the host as being out of date; due to our network security policies, we will be unable to deploy Zabbix into production without updating these packages.

Expected:
There should be no Critical-level issues in our Nessus scan results.

FYI - this is the first case I have opened here.  If corrections are needed to the fields, etc, my apologies. 



 Comments   
Comment by Tomass Janis Bross [ 2024 Dec 19 ]

Hello Michael,

Zabbix v7.2 supports PHP versions from 8.0.0 to 8.3.X. As long as you are able to update your PHP version (OS allows PHP version >8.0), this should not be an issue.
See all requirements and supported versions here: https://www.zabbix.com/documentation/current/en/manual/installation/requirements

Comment by Marks Sunins [ 2025 Jan 15 ]

Fixed for Zabbix versions 6.0+. Appliance PHP version updated to 8.2 (latest supported on Alma 8).

Generated at Fri May 02 06:54:14 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.