
Re: Vulnerable PHP version according to nessus



On Wed, Dec 28, 2011 at 07:59:08AM +0000, Dave Henley wrote:
> When I scan my system for vulnerabilities with nessus I get the following high risk output:
> 
> Synopsis: The remote web server uses a version of PHP that is affected by
> multiple vulnerabilities.
> 
> Description
> According to its banner, the version of PHP 5.3.x installed on the
> remote host is older than 5.3.7. 
> 
> Solution
> Upgrade to PHP 5.3.7 or later.
> 
> How do I solve this problem and make sure my system is not prone to any PHP vulnerabilities?


I would guess that Nessus just checks the version number without
taking into account the fact that Debian normally backports security
patches instead of upgrading to a newer upstream version. You can
see from the changelog.Debian.gz which CVEs are patched.
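
The changelog check described above, as an added example that is not part of the original message: it lists the CVE ids a Debian changelog mentions and compares them with the ids from a scanner report. The sample changelog, package name, versions and CVE ids are constructed placeholders, and the function names are hypothetical.

```shell
# Constructed sample in Debian changelog format; package name, versions and
# CVE ids are placeholders, not real entries.
sample_changelog() {
cat <<'EOF'
examplepkg (1.2.3-4+example2) stable-security; urgency=high

  * Backport fix for CVE-0000-0002 regression.

 -- Maintainer <maint@example.org>  Thu, 01 Jan 1970 00:00:00 +0000

examplepkg (1.2.3-4+example1) stable-security; urgency=high

  * Fix CVE-0000-0001 and CVE-0000-0002.

 -- Maintainer <maint@example.org>  Thu, 01 Jan 1970 00:00:00 +0000
EOF
}

# Read a changelog on stdin; print "CVE-id version" for the oldest entry
# that mentions each CVE (entries are newest first, so the last one wins).
cves_in_changelog() {
    awk '
    /^[a-z0-9][a-z0-9+.-]* \(.*\) / { ver = $2; gsub(/[()]/, "", ver); next }
    { line = $0
      while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
          fixed[substr(line, RSTART, RLENGTH)] = ver
          line = substr(line, RSTART + RLENGTH)
      } }
    END { for (c in fixed) print c, fixed[c] }' | sort
}

# check_cves CVE...: compare scanner-reported ids with the changelog on stdin.
# Returns 1 if any id is absent, so it can gate a report triage script.
check_cves() {
    found=$(cves_in_changelog); missing=0
    for cve in "$@"; do
        ver=$(printf '%s\n' "$found" | awk -v c="$cve" '$1 == c { print $2 }')
        if [ -n "$ver" ]; then echo "$cve: in changelog since $ver"
        else echo "$cve: not in changelog"; missing=1
        fi
    done
    return "$missing"
}

# Real use (package name is an assumption):
#   zcat /usr/share/doc/<package>/changelog.Debian.gz | check_cves CVE-...
sample_changelog | check_cves CVE-0000-0001 CVE-0000-0003 || echo "check missing ids"
```

An id that is absent from the changelog is not proof the package is vulnerable; it only marks the ids that still need to be looked at individually.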


