|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-10-29 | |
| Rule Name: | PHP-FPM Arbitrary Code Execution Vulnerability (CVE-2019-11043) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Others | |
| Reference: | https://bugs.php.net/bug.php?id=78599 https://github.com/neex/phuip-fpizdam |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://bugs.php.net/patch-display.php?bug_id=78599&patch=0001-Fix-bug-78599-env_path_info-underflow-can-lead-to-RC.patch&revision=latest |