Security News > 2019 > October > New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
2019-10-26 19:04

If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/FsBHt8lHiJo/nginx-php-fpm-hacking.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-10-28 CVE-2019-11043 Out-of-bounds Write vulnerability in multiple products
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
network
low complexity
php canonical debian fedoraproject tenable redhat CWE-787
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
PHP 9 1 43 113 123 280
Nginx 2 0 3 1 4 8