CVE-2019-11043 exposes Web servers using nginx and PHP-FPM to hack

Nasty PHP7 remote code execution bug exploited in the wild

Experts warn that a remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild.

On October 22, the security expert Omar Ganiev announced via Twitter the availability of a “freshly patched” remote code execution vulnerability in PHP-FPM, the FastCGI Process Manager (FPM) for PHP.

The researcher also shared a link to the PoC code published in a GitHub repository.

The CVE-2019-11043 flaw doesn’t require specific skills to exploit and take over servers; it is an env_path_info underflow flaw in PHP-FPM’s fpm_main.c. This means that the issue only impacts NGINX servers with PHP-FPM enabled.

The flaw was first reported to the PHP bug tracker on September 26, 2019 by security expert Emil Lerner, who also credited the researcher Andrew Danau for the issue. Danau discovered the vulnerability during a Capture The Flag competition in September 2019.

Lerner explained that the vulnerability could be exploited to gain remote code execution under certain configurations where a web server is using nginx and PHP-FPM,

“The PoC script included in the GitHub repository can query a target web server to identify whether or not it is vulnerable by sending specially crafted requests.” reads the analysis published by Tenable. “Once a vulnerable target has been identified, attackers can send specially crafted requests by appending “?a=” in the URL to a vulnerable web server.”

On October 24, PHP maintainers released PHP 7.3.11 (current stable) and PHP 7.2.24 (old stable), which address the CVE-2019-11043 vulnerability. Administrators using nginx with PHP-FPM are urged to upgrade their installs as soon as possible.

The maintainers also suggested a workaround that consists of either including the try_files directive or using an if statement, such as if (-f $uri).
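To find where that workaround is missing, the following added example (not code from the article, the PHP project or the PoC repository) audits nginx configuration text for PHP-FPM locations that have no file-existence check. It assumes the publicly documented precondition that the affected location uses fastcgi_split_path_info; the function names and the sample config are constructed for illustration, and the brace-counting parser is a heuristic, so review flagged blocks by hand.

```python
import re

# Constructed sample config (not from the article): only the second location has try_files.
SAMPLE_CONF = r"""
server {
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass php:9000;
    }
    location ~ ^/api/.+\.php(/|$) {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass php:9000;
    }
}
"""

# The two workarounds named in the article: try_files, or an if (-f ...) test.
FILE_CHECK = re.compile(r"^(try_files\s|if\s*\(\s*!?-f\s)")

def location_blocks(conf):
    """Yield (header, directives) for each location block, by brace counting."""
    header, body, depth = None, [], 0
    for line in map(str.strip, conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        if header is None:
            if line.startswith("location") and line.endswith("{"):
                header, body, depth = line[:-1].strip(), [], 1
            continue
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            yield header, body
            header = None
        else:
            body.append(line)

def audit(conf):
    """Return headers of PHP-FPM locations that split PATH_INFO with no file check."""
    flagged = []
    for header, body in location_blocks(conf):
        to_fpm = any(d.split()[0] == "fastcgi_pass" for d in body)
        splits = any(d.split()[0] == "fastcgi_split_path_info" for d in body)
        checked = any(FILE_CHECK.match(d) for d in body)
        if to_fpm and splits and not checked:
            flagged.append(header)
    return flagged

if __name__ == "__main__": print(audit(SAMPLE_CONF))
```

A clean result only means the workaround is present in the text scanned; upgrading to the fixed PHP releases remains the actual fix.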

Pierluigi Paganini

(SecurityAffairs – CVE-2019-11043, hacking)
