vicidial.org

[josnad]

Hi every one

I have install a vicidial 11,SO OpenSuse 15.5, SVN 3831, asterisk 16.30.0-vici, ram 8G, this severs are in cluster.

A vulnerability has been found with php 7.4.33 of version 11 of vicidial.

Criticism: Version detection not compatible with PHP (port: 80 - 443)

[mflorell]

What is the exact vulnerability that was found?

[josnad]

The scan was done by the Nessus app


Vulnerabilities
58987 - PHP Unsupported Version Detection
Synopsis
The remote host contains an unsupported version of a web application scripting language.
Description
According to its version, the installation of PHP on the remote host is no longer supported.
Lack of support implies that no new security patches for the product will be released by the vendor. As a
result, it is likely to contain security vulnerabilities.
See Also
http://php.net/eol.php
https://wiki.php.net/rfc/releaseprocess


The same scan was carried out for version 10 of vicidial with OS 15.3 and this vulnerability did not appear

[josnad]

Hi

Any know some solution for this vulnerability?

[alo]

your message does not seem to imply that there is any specific vulnerability at all. other then the fact its out dated and I suppose that could be considered a vulnerability itself. do you update vicibox 11 after installing?

[josnad]

Of course, but then if there is an update that corrects the reported error, what is it?

1 2024-05-16 07:16:28 yast lan
2 2024-05-16 07:18:16 ip a
3 2024-05-16 12:26:33 zypper update -y
4 2024-05-16 12:48:13 reboot

513 packages were installed

[carpenox]

its because php 7.4 is EOL, however vicidial doesnt support php8 just yet

[mflorell]

We just committed hundreds of changes to our PHP codebase for PHP8 support in VICIdial. Check out svn/trunk revision 3863 or higher to test it out!