PHP Bug Allows Remote Code-Execution on NGINX Servers

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Forum Veteran
Aug 17, 2014
12,729
123,837
8,399
Content source
https://threatpost.com/php-bug-rce-nginx-servers/149593/
A buffer underflow bug in PHP could allow remote code-execution (RCE) on targeted NGINX servers.
First discovered during a hCorem Capture the Flag competition in September, the bug (CVE-2019-11043) exists in the FastCGI directive used in some PHP implementations on NGINX servers, according to researchers at Wallarm.
PHP powers about 30 percent of modern websites, including popular web platforms like WordPress and Drupal – but NGINX servers are only vulnerable if they have PHP-FPM enabled (a non-default optimization feature that allows servers to execute scripts faster).
The issue is patched in PHP versions 7.3.11, 7.2.24 and 7.1.33, which were released last week.
Click to expand...
threatpost.com

PHP Bug Allows RCE on NGINX Servers

CVE-2019-11043 is trivial to exploit — and a proof of concept is available.
threatpost.com threatpost.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: upnorth, Venustus, [correlate] and 1 other person
You must log in or register to reply here.

You may also like...