PHP Detection Scanner
This scanner detects the use of PHP versions in digital assets. It identifies instances where PHP versions have surpassed their End-of-Life (EOL) and no longer receive security updates.
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
13 days 7 hours
Scan only one
URL
Toolbox
PHP is a widely-used open-source scripting language that is especially suited for web development and can be embedded into HTML. It is utilized by developers globally to build robust applications from simple websites to complex enterprise systems. As new versions with better features and security patches are released, older versions eventually lose support and stop receiving security updates. Monitoring for these EOL versions is crucial for maintaining security in any PHP-based environment. This scanner is designed to identify PHP versions that are no longer maintained, allowing administrators to be aware of potential security risks in their systems.
The detection scanner identifies PHP versions that have reached End-of-Life (EOL) status. End-of-Life refers to when a particular version stops receiving updates, making it susceptible to vulnerabilities due to lack of patches. By detecting the use of these outdated versions, organizations can assess their risk and prioritize updates to secure more recent releases that are actively maintained. The scanner specifically checks for versions below 8.0.0 and identifies them based on server headers or other relevant indicators.
The technical details involve examining headers such as "X-Powered-By" or "Server" where PHP versions are often displayed. Utilizing regular expressions, the scanner extracts the PHP version numbers from these headers. It matches versions that are older than 8.0.0, flagging them as outdated and potentially insecure due to a lack of security updates. This mechanism ensures that assets running these obsolete versions are rapidly identified for further action.
When PHP versions that are past their End-of-Life are used, they may not receive critical security patches. This leaves the applications running on these versions exposed to vulnerabilities that could be exploited by adversaries. Potential effects include unauthorized access, data breaches, and other security compromises. Upgrading is vital to protect against new threats and take advantage of improvements in newer PHP iterations.
REFERENCES
