CVE-2019-11043

Published: 28/10/2019 Updated: 30/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

PHP-FPM could allow a remote malicious user to execute arbitrary code on the system, caused by an error on NGINX servers with PHP-FPM enabled. By sending a specially-crafted request and appending '?a=' in the URL to a vulnerable web server, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Affected Products

Vendor | Product | Versions
Php | Php | 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.1.11, 7.1.12, 7.1.13, 7.1.14, 7.1.15, 7.1.16, 7.1.17, 7.1.18, 7.1.19, 7.1.20, 7.1.21, 7.1.22, 7.1.23, 7.1.24, 7.1.25, 7.1.26, 7.1.27, 7.1.28, 7.1.29, 7.1.30, 7.1.31, 7.1.32, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.2.11, 7.2.12, 7.2.13, 7.2.14, 7.2.15, 7.2.16, 7.2.17, 7.2.18, 7.2.19, 7.2.20, 7.2.21, 7.2.22, 7.2.23, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 7.3.10
Canonical | Ubuntu Linux | 12.04, 14.04, 16.04, 18.04, 19.04, 19.10
Debian | Debian Linux | 9.0, 10

Vendor Advisories

Synopsis: Critical: php security update. Type/Severity: Security Advisory: Critical. Topic: An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which give ...
Synopsis: Critical: rh-php70-php security update. Type/Severity: Security Advisory: Critical. Topic: An update for rh-php70-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis: Critical: php:72 security update. Type/Severity: Security Advisory: Critical. Topic: An update for the php:72 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Critical: php security update. Type/Severity: Security Advisory: Critical. Topic: An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which give ...
Synopsis: Critical: rh-php71-php security update. Type/Severity: Security Advisory: Critical. Topic: An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis: Critical: php:73 security update. Type/Severity: Security Advisory: Critical. Topic: An update for the php:73 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) bas ...
Debian Bug report logs - #943468 php-fpm: CVE-2019-11043: Vulnerability in PHP-FPM Could Lead to Remote Code Execution on nginx. Package: src:php73; Maintainer for src:php73 is Debian PHP Maintainers <team+pkg-php@tracker.debian.org>; Reported by: Tobias Frost <tobi@debian.org>; Date: Fri, 25 Oct 2019 07:24:02 UTC Se ...
PHP could be made to run programs if it received specially crafted network traffic ...
Emil Lerner and Andrew Danau discovered that insufficient validation in the path handling code of PHP FPM could result in the execution of arbitrary code in some setups. For the stable distribution (buster), this problem has been fixed in version 7.3.11-1~deb10u1. We recommend that you upgrade your php73 packages. For the detailed security status ...
Emil Lerner and Andrew Danau discovered that insufficient validation in the path handling code of PHP FPM could result in the execution of arbitrary code in some setups. For the oldstable distribution (stretch), this problem has been fixed in version 7.0.33-0+deb9u6. We recommend that you upgrade your php70 packages. For the detailed security stat ...
Debian Bug report logs - #943764 php73: CVE-2019-11043. Package: src:php73; Maintainer for src:php73 is Debian PHP Maintainers <team+pkg-php@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 29 Oct 2019 14:21:02 UTC; Severity: grave; Tags: security, upstream; Found in version php7 ...
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11, in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution (CVE-2019-11043) ...
Arch Linux Security Advisory ASA-201910-14. Severity: Critical; Date: 2019-10-25; CVE-ID: CVE-2019-11043; Package: php; Type: arbitrary code execution; Remote: Yes; Link: security.archlinux.org/AVG-1052. Summary: The package php before version 7.3.11-1 is vulnerable to arbitrary ...
A buffer underflow issue has been found in the php-fpm component of php before 7.3.11, leading to remote code execution in certain nginx + php-fpm configurations ...
Synopsis: Critical: rh-php72-php security update. Type/Severity: Security Advisory: Critical. Topic: An update for rh-php72-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) ba ...

Exploits

# PHuiP-FPizdaM

## What's this

This is an exploit for a bug in php-fpm (CVE-2019-11043). In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config (see [below](#the-full-list-of-preconditions)).

## What's vulnerable

If a webserver r ...

Recent Articles

New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
BleepingComputer • Ionut Ilascu • 15 Nov 2019

A new ransomware has been found in the wild that is currently undetected by antivirus engines on public scanning platforms. Its name is NextCry as it was discovered on a Linux machine running Nextcloud server.
The malware targets Nextcloud instances and for the time being there is no free decryption tool available for victims.
xact64, a Nextcloud user, posted on the BleepingComputer forum some details about the malware in an attempt to find a way to decrypt personal files.
A...

Chrome bug squashed, QNAP NAS nasty hits, BlueKeep malware spreads, and more
The Register • Shaun Nichols in San Francisco • 04 Nov 2019

Including Spanish camgirl sites spill info, domain registrars hacked

Roundup Let's check out some of the more recent security happenings beyond what we've already covered.
Anyone running Chrome will want to update and restart their browser in order to make sure they have the latest build, as usual. Google has patched a bunch of flaws including a use-after-free() vulnerability (CVE-2019-13720) that was being actively exploited in the wild against victims. Make sure you're running version 78.0.3904.87 or higher for Windows, Mac, and Linux to be safe.
Mo...

PHP Bug Allows Remote Code-Execution on NGINX Servers
Threatpost • Tara Seals • 28 Oct 2019

A buffer underflow bug in PHP could allow remote code-execution (RCE) on targeted NGINX servers.
First discovered during a hCorem Capture the Flag competition in September, the bug (CVE-2019-11043) exists in the FastCGI directive used in some PHP implementations on NGINX servers, according to researchers at Wallarm.
PHP powers about 30 percent of modern websites, including popular web platforms like WordPress and Drupal – but NGINX servers are only vulnerable if they have PHP-FPM e...