PHP Bug Allows Remote Code-Execution on NGINX Servers

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,172
Content source
https://threatpost.com/php-bug-rce-nginx-servers/149593/
A buffer underflow bug in PHP could allow remote code-execution (RCE) on targeted NGINX servers.
First discovered during a hCorem Capture the Flag competition in September, the bug (CVE-2019-11043) exists in the FastCGI directive used in some PHP implementations on NGINX servers, according to researchers at Wallarm.
PHP powers about 30 percent of modern websites, including popular web platforms like WordPress and Drupal – but NGINX servers are only vulnerable if they have PHP-FPM enabled (a non-default optimization feature that allows servers to execute scripts faster).
The issue is patched in PHP versions 7.3.11, 7.2.24 and 7.1.33, which were released last week.
Click to expand...
threatpost.com

PHP Bug Allows RCE on NGINX Servers

CVE-2019-11043 is trivial to exploit — and a proof of concept is available.
threatpost.com threatpost.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: upnorth, Venustus, [correlate] and 1 other person
You must log in or register to reply here.

Similar threads

CyberTech
    • +Reputation
Security News Veeam warns of critical bugs in Veeam ONE monitoring platform
Replies
0
Views
1,079
Security News
CyberTech
CyberTech
LASER_oneXM
    • Like
    • +Reputation
CISA warns of actively exploited Plex bug after LastPass breach
Replies
0
Views
562
News Archive
LASER_oneXM
LASER_oneXM
silversurfer
    • Like
Imunify360 Bug Leaves Linux Web Servers Open to Code Execution,Takeover
Replies
0
Views
772
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top