also check for debian version number

modules/exploits/multi/http/joomla_http_header_rce.rb

@@ -19,8 +19,8 @@ class Metasploit3 < Msf::Exploit::Remote
           by sending an UTF-8 character. The custom created payload is then executed once the session is read
           from the databse. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13.
           In later versions the deserialisation of invalid session data stops on the first error and the
-          exploit will not work. On Ubuntu the PHP Patch was included in versions 5.5.9+dfsg-1ubuntu4.13 and
+          exploit will not work. The PHP Patch was included in Ubuntu versions 5.5.9+dfsg-1ubuntu4.13 and
-          5.3.10-1ubuntu3.20.
+          5.3.10-1ubuntu3.20 and in Debian in version 5.4.45-0+deb7u1.
       },
       'Author'	=>
         [
@@ -67,20 +67,20 @@ class Metasploit3 < Msf::Exploit::Remote
     end
 
     php_version, rest = res.headers['X-Powered-By'].scan(/PHP\/([\d\.]+)(?:-(.+))?/i).flatten || ''
-    vprint_status("Found PHP version: #{php_version}")
-
     version = Gem::Version.new(php_version)
     vulnerable = false
 
-    # check for ubuntu specific versions. Was fixed in
+    # check for ubuntu and debian specific versions. Was fixed in
     # * 5.5.9+dfsg-1ubuntu4.13
     # * 5.3.10-1ubuntu3.20
-    # Changelogs (search for CVE-2015-6835):
+    # * 5.4.45-0+deb7u1
+    # Changelogs (search for CVE-2015-6835 or #70219):
     #   http://changelogs.ubuntu.com/changelogs/pool/main/p/php5/php5_5.5.9+dfsg-1ubuntu4.13/changelog
     #   http://changelogs.ubuntu.com/changelogs/pool/main/p/php5/php5_5.3.10-1ubuntu3.20/changelog
+    #   http://metadata.ftp-master.debian.org/changelogs/main/p/php5/php5_5.4.45-0+deb7u2_changelog
     if rest && rest.include?('ubuntu')
       sub_version = rest.scan(/^\dubuntu([\d\.]+)/i).flatten.first || ''
-      vprint_status("Found Ubuntu PHP version: #{php_version}-#{sub_version}")
+      vprint_status("Found Ubuntu PHP version: #{res.headers['X-Powered-By']}")
 
       if version > Gem::Version.new('5.5.9')
         vulnerable = false
@@ -91,7 +91,19 @@ class Metasploit3 < Msf::Exploit::Remote
       else
         vulnerable = true
       end
+    elsif rest && rest.include?('+deb')
+      sub_version = rest.scan(/^\d+\+deb([\du]+)/i).flatten.first || ''
+      vprint_status("Found Debian PHP version: #{res.headers['X-Powered-By']}")
+
+      if version > Gem::Version.new('5.4.45')
+        vulnerable = false
+      elsif version == Gem::Version.new('5.4.45') && sub_version != '7u1'
+        vulnerable = false
+      else
+        vulnerable = true
+      end
     else
+      vprint_status("Found PHP version: #{res.headers['X-Powered-By']}")
       vulnerable = true if version <= Gem::Version.new('5.4.44')
       vulnerable = true if version.between?(Gem::Version.new('5.5.0'), Gem::Version.new('5.5.28'))
       vulnerable = true if version.between?(Gem::Version.new('5.6.0'), Gem::Version.new('5.6.12'))