This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:CTS:PHP-FPM-RCE
|
Severity |
Major
|
Recommended |
No
|
Category |
HTTP
|
Keywords |
PHP FPM Remote Code Execution
|
Release Date |
2019/11/11
|
Update Number |
3224
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: PHP FPM Remote Code Execution
This signature detects attempts to exploit a known vulnerability against PHP FPM. A successful attack can lead to arbitrary code execution.
Extended Description
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Affected Products
- Canonical ubuntu_linux 12.04
- Canonical ubuntu_linux 14.04
- Canonical ubuntu_linux 16.04
- Canonical ubuntu_linux 18.04
- Canonical ubuntu_linux 19.04
- Canonical ubuntu_linux 19.10
- Debian debian_linux 10
- Debian debian_linux 9.0
- Php php 7.1.0
- Php php 7.1.1
- Php php 7.1.10
- Php php 7.1.11
- Php php 7.1.12
- Php php 7.1.13
- Php php 7.1.14
- Php php 7.1.15
- Php php 7.1.16
- Php php 7.1.17
- Php php 7.1.18
- Php php 7.1.19
- Php php 7.1.2
- Php php 7.1.20
- Php php 7.1.21
- Php php 7.1.22
- Php php 7.1.23
- Php php 7.1.24
- Php php 7.1.25
- Php php 7.1.26
- Php php 7.1.27
- Php php 7.1.28
- Php php 7.1.29
- Php php 7.1.3
- Php php 7.1.30
- Php php 7.1.31
- Php php 7.1.32
- Php php 7.1.4
- Php php 7.1.5
- Php php 7.1.6
- Php php 7.1.7
- Php php 7.1.8
- Php php 7.1.9
- Php php 7.2.0
- Php php 7.2.1
- Php php 7.2.10
- Php php 7.2.11
- Php php 7.2.12
- Php php 7.2.13
- Php php 7.2.14
- Php php 7.2.15
- Php php 7.2.16
- Php php 7.2.17
- Php php 7.2.18
- Php php 7.2.19
- Php php 7.2.2
- Php php 7.2.20
- Php php 7.2.21
- Php php 7.2.22
- Php php 7.2.23
- Php php 7.2.3
- Php php 7.2.4
- Php php 7.2.5
- Php php 7.2.6
- Php php 7.2.7
- Php php 7.2.8
- Php php 7.2.9
- Php php 7.3.0
- Php php 7.3.1
- Php php 7.3.10
- Php php 7.3.2
- Php php 7.3.3
- Php php 7.3.4
- Php php 7.3.5
- Php php 7.3.6
- Php php 7.3.7
- Php php 7.3.8
- Php php 7.3.9
References