App Services
      Back to home
      1. Knowledge Base
      2. Azure Knowledge Base
      3. App Services

      Outdate PHP Version

      Risk Level: Medium

      Description

      This plugin ensures the latest version of PHP is installed for all App Services. Installing the latest version of PHP will reduce the security risk of missing security patches and updated features.

      Configuration Parameter

      Latest PHP Version: This parameter denotes the latest version of PHP should be installed on all AppServices. An alert will be generated if the PHP version is outdated.

      By default the value is set to 7.3, therefore any older version of PHP will return a vulnerability.

      About the Service

      App Services: The app services at azure offers to host web applications, the REST API and backend services for mobile and web applications. Hosting web apps on Azure lets users focus on managing the application and its data. 

      Impact

      The latest version of any software comes not only with improved features but also with security patches for loopholes that existed in the previous versions. Thus, selecting older versions of Software in the runtime stack provides threat actors with a loophole to damage and misuse the application’s resources and assets.

      Steps to Reproduce

      1. Login to azure portal.
      2. Click on App Services.
      3. Select an App Service plan from the listed apps.
      4. Click on Configuration under Settings.
      5. Go to the General settings section.
      6. Under Stack settings, if the Stack is set to PHP, then check the PHP version. If the value is set to ‘Off’ or any other older version, go to the Steps for Remediation section to remove the issue.

      NOTE: As of 27 November 2021, the latest version for PHP is PHP7.4

      Steps for Remediation

      1. Login to azure portal.
      2. Click on App Services.
      3. Select an App Service plan from the listed apps.
      4. Click on Configuration under Settings.
      5. Go to the General settings section.
      6. Under Stack settings if the Stack is set to PHP, then check the PHP version. If the value is set to ‘Off’ or any other older version, click on the drop-down menu and select the latest version available.

      NOTE: As of 27 November 2021, the latest version for PHP is PHP7.4.

      Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

      Thanks

      PingSafe Support