{"containers": {"cna": {"affected": [{"product": "PHP", "vendor": "PHP", "versions": [{"lessThan": "7.1.33", "status": "affected", "version": "7.1.x", "versionType": "custom"}, {"lessThan": "7.2.24", "status": "affected", "version": "7.2.x", "versionType": "custom"}, {"lessThan": "7.3.11", "status": "affected", "version": "7.3.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Reported by Emil Lerner."}], "datePublic": "2019-10-22T00:00:00", "descriptions": [{"lang": "en", "value": "In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution."}], "exploits": [{"lang": "en", "value": "Exploit described at https://github.com/neex/phuip-fpizdam"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-22T17:07:18", "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/neex/phuip-fpizdam"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=78599"}, {"name": "USN-4166-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4166-1/"}, {"name": "DSA-4552", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4552"}, {"name": "DSA-4553", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4553"}, {"name": "USN-4166-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4166-2/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS"}, {"name": "FEDORA-2019-4adc49a476", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20191031-0003/"}, {"name": "RHSA-2019:3286", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3286"}, {"name": "RHSA-2019:3287", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3287"}, {"name": "RHSA-2019:3299", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"name": "RHSA-2019:3300", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3300"}, {"name": "FEDORA-2019-187ae3128d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/"}, {"name": "FEDORA-2019-7bb07c3b02", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/"}, {"name": "openSUSE-SU-2019:2441", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html"}, {"name": "RHSA-2019:3724", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3724"}, {"name": "RHSA-2019:3735", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3735"}, {"name": "RHSA-2019:3736", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3736"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_36"}, {"name": "openSUSE-SU-2019:2457", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210919"}, {"name": "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Jan/44"}, {"name": "20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Jan/40"}, {"name": "RHSA-2020:0322", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0322"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2021-14"}], "source": {"defect": ["https://bugs.php.net/bug.php?id=78599"], "discovery": "EXTERNAL"}, "title": "Underflow in PHP-FPM can lead to RCE", "workarounds": [{"lang": "en", "value": "Configuring nginx (or other server that implements the front-end part of the FPM protocol) to check for the existence of the target file before passing it to PHP FPM (e.g. \"try_files $uri =404\" or \"if (-f $uri)\" in nginx) for would prevent this vulnerability from happening."}], "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@php.net", "DATE_PUBLIC": "2019-10-22T03:18:00.000Z", "ID": "CVE-2019-11043", "STATE": "PUBLIC", "TITLE": "Underflow in PHP-FPM can lead to RCE"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PHP", "version": {"version_data": [{"version_affected": "<", "version_name": "7.1.x", "version_value": "7.1.33"}, {"version_affected": "<", "version_name": "7.2.x", "version_value": "7.2.24"}, {"version_affected": "<", "version_name": "7.3.x", "version_value": "7.3.11"}]}}]}, "vendor_name": "PHP"}]}}, "credit": [{"lang": "eng", "value": "Reported by Emil Lerner."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution."}]}, "exploit": [{"lang": "en", "value": "Exploit described at https://github.com/neex/phuip-fpizdam"}], "generator": {"engine": "Vulnogram 0.0.8"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://github.com/neex/phuip-fpizdam", "refsource": "MISC", "url": "https://github.com/neex/phuip-fpizdam"}, {"name": "https://bugs.php.net/bug.php?id=78599", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=78599"}, {"name": "USN-4166-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4166-1/"}, {"name": "DSA-4552", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4552"}, {"name": "DSA-4553", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4553"}, {"name": "USN-4166-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4166-2/"}, {"name": "https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp;utm_medium=RSS"}, {"name": "FEDORA-2019-4adc49a476", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/"}, {"name": "https://security.netapp.com/advisory/ntap-20191031-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191031-0003/"}, {"name": "RHSA-2019:3286", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3286"}, {"name": "RHSA-2019:3287", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3287"}, {"name": "RHSA-2019:3299", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"name": "RHSA-2019:3300", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3300"}, {"name": "FEDORA-2019-187ae3128d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/"}, {"name": "FEDORA-2019-7bb07c3b02", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/"}, {"name": "openSUSE-SU-2019:2441", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html"}, {"name": "RHSA-2019:3724", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3724"}, {"name": "RHSA-2019:3735", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3735"}, {"name": "RHSA-2019:3736", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3736"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_19_36", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_36"}, {"name": "openSUSE-SU-2019:2457", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html"}, {"name": "https://support.apple.com/kb/HT210919", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210919"}, {"name": "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/44"}, {"name": "20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Jan/40"}, {"name": "RHSA-2020:0322", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0322"}, {"name": "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html"}, {"name": "https://www.tenable.com/security/tns-2021-14", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-14"}]}, "source": {"defect": ["https://bugs.php.net/bug.php?id=78599"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Configuring nginx (or other server that implements the front-end part of the FPM protocol) to check for the existence of the target file before passing it to PHP FPM (e.g. \"try_files $uri =404\" or \"if (-f $uri)\" in nginx) for would prevent this vulnerability from happening."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:40:16.064Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/neex/phuip-fpizdam"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=78599"}, {"name": "USN-4166-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4166-1/"}, {"name": "DSA-4552", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4552"}, {"name": "DSA-4553", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4553"}, {"name": "USN-4166-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4166-2/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS"}, {"name": "FEDORA-2019-4adc49a476", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20191031-0003/"}, {"name": "RHSA-2019:3286", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3286"}, {"name": "RHSA-2019:3287", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3287"}, {"name": "RHSA-2019:3299", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"name": "RHSA-2019:3300", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3300"}, {"name": "FEDORA-2019-187ae3128d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/"}, {"name": "FEDORA-2019-7bb07c3b02", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/"}, {"name": "openSUSE-SU-2019:2441", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html"}, {"name": "RHSA-2019:3724", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3724"}, {"name": "RHSA-2019:3735", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3735"}, {"name": "RHSA-2019:3736", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3736"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_36"}, {"name": "openSUSE-SU-2019:2457", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210919"}, {"name": "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Jan/44"}, {"name": "20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Jan/40"}, {"name": "RHSA-2020:0322", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0322"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2021-14"}]}]}, "cveMetadata": {"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "cveId": "CVE-2019-11043", "datePublished": "2019-10-28T14:19:04.252868Z", "dateReserved": "2019-04-09T00:00:00", "dateUpdated": "2024-09-16T23:31:14.209Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1C2F51F-19AA-4313-AE96-59F46F55D200", "versionEndExcluding": "7.1.33", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6F43FF3-D1EB-473C-9B3A-96C21F63117D", "versionEndExcluding": "7.2.24", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "86C83E2A-D2FD-4A12-BD6A-6D48EDFFACC4", "versionEndExcluding": "7.3.11", "versionStartIncluding": "7.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "matchCriteriaId": "41DBA7C7-8084-45F6-B59D-13A9022C34DF", "versionEndExcluding": "5.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DAA8C42-870A-42B4-AE9F-7C67F4122ED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "2FF1A19F-8A15-471A-B496-E1B4BA788356", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "EAD7EC1D-5979-42E6-9DA6-355B53431F3B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "AE49DCA5-1B01-4478-A1E9-2E87E948A0C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "37B7CE5C-BFEA-4F96-9759-D511EF189059", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "C84EAAE7-0249-4EA1-B8D3-E039B03ACDC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "2148300C-ECBD-4ED5-A164-79629859DD43", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "FFC68D88-3CD3-4A3D-A01B-E9DBACD9B9CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "00966AC5-1C84-4B5F-9665-5E99D4AEB3A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "0D04F433-CB52-4F3D-8711-39D3BDA27FE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "07332196-7E36-4E95-81BC-DD959629C1BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "6D8D654F-2442-4EA0-AF89-6AC2CD214772", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "8BCF87FD-9358-42A5-9917-25DF0180A5A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "7A584AAA-A14F-4C64-8FED-675DC36F69A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "418488A5-2912-406C-9337-B8E85D0C2B57", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "F505D098-2143-4218-A528-D92BFC017FFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "96E5CEC7-D3B9-4895-96E9-E26D2ACF1AE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "BB28CF82-799F-4A6E-B1DB-0AB423E6C05D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution."}, {"lang": "es", "value": "En PHP versiones 7.1.x anteriores a la versi\u00f3n 7.1.33, versiones 7.2.x anteriores a la versi\u00f3n 7.2.24 y versiones 7.3.x anteriores a 7.3.11, en ciertas configuraciones del FPM setup, es posible causar que el m\u00f3dulo FPM escriba m\u00e1s all\u00e1 de los b\u00faferes asignados en el espacio reservado para datos de protocolo FCGI, abriendo as\u00ed la posibilidad de ejecuci\u00f3n de c\u00f3digo remota."}], "id": "CVE-2019-11043", "lastModified": "2024-07-16T17:52:59.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.8, "source": "security@php.net", "type": "Secondary"}]}, "published": "2019-10-28T15:15:13.863", "references": [{"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html"}, {"source": "security@php.net", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Jan/40"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3286"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3287"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3300"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3724"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3735"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3736"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0322"}, {"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=78599"}, {"source": "security@php.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/neex/phuip-fpizdam"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2020/Jan/44"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191031-0003/"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210919"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4166-1/"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4166-2/"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4552"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4553"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_36"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-14"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "security@php.net", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2019:3287", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "php-0:5.3.3-50.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-10-31T00:00:00Z"}, {"advisory": "RHSA-2019:3286", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "php-0:5.4.16-46.1.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-10-31T00:00:00Z"}, {"advisory": "RHSA-2020:2835", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "php-0:5.4.16-46.1.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-07-07T00:00:00Z"}, {"advisory": "RHSA-2019:3735", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:7.2-8010020191030112723.dcfb48bd", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-06T00:00:00Z"}, {"advisory": "RHSA-2019:3736", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:7.3-8010020191030161321.dcfb48bd", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-06T00:00:00Z"}, {"advisory": "RHSA-2020:0322", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "php:7.2-8000020191113103901.5d58a046", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-02-03T00:00:00Z"}, {"advisory": "RHSA-2019:3724", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-php70-php-0:7.0.27-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2019-11-06T00:00:00Z"}, {"advisory": "RHSA-2019:3299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php72-php-0:7.2.24-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-11-01T00:00:00Z"}, {"advisory": "RHSA-2019:3300", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php71-php-0:7.1.30-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-11-01T00:00:00Z"}, {"advisory": "RHSA-2019:3724", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php70-php-0:7.0.27-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-11-06T00:00:00Z"}, {"advisory": "RHSA-2019:3299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php72-php-0:7.2.24-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-11-01T00:00:00Z"}, {"advisory": "RHSA-2019:3300", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php71-php-0:7.1.30-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-11-01T00:00:00Z"}, {"advisory": "RHSA-2019:3724", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php70-php-0:7.0.27-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-11-06T00:00:00Z"}, {"advisory": "RHSA-2019:3299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php72-php-0:7.2.24-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-11-01T00:00:00Z"}, {"advisory": "RHSA-2019:3300", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php71-php-0:7.1.30-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-11-01T00:00:00Z"}, {"advisory": "RHSA-2019:3724", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php70-php-0:7.0.27-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-11-06T00:00:00Z"}, {"advisory": "RHSA-2019:3299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php72-php-0:7.2.24-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-11-01T00:00:00Z"}, {"advisory": "RHSA-2019:3300", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php71-php-0:7.1.30-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-11-01T00:00:00Z"}, {"advisory": "RHSA-2019:3724", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php70-php-0:7.0.27-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-11-06T00:00:00Z"}], "bugzilla": {"description": "php: underflow in env_path_info in fpm_main.c", "id": "1766378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1766378"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20->CWE-787", "details": ["In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution."], "mitigation": {"lang": "en:us", "value": "1) Check your nginx configuration files, specially the ones related to php-fpm for presence of pattern bellow on fastcgi_split_path_info regex and PATH_INFO parameter:\n~~~\nfastcgi_split_path_info ^(.+?\\.php)(/.*)$;\nfastcgi_param PATH_INFO $fastcgi_path_info;\n~~~\n2) If fastcgi_split_path_info regex matches with the one above, for each fastcgi_param PATH_INFO entry perform the following change:\n~~~\nfastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;\n~~~\nThis step will allow you to safely continue using PATH_INFO parameter while the patch is not applied.\n3) Restart your nginx instance:\n~~~\nsystemctl restart nginx\n~~~"}, "name": "CVE-2019-11043", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-php73-php", "product_name": "Red Hat Software Collections"}], "public_date": "2019-10-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-11043\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11043\nhttps://www.nginx.com/blog/php-fpm-cve-2019-11043-vulnerability-nginx/\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This issue only affects instances running php-fpm under nginx server software as environment paths and parameters are handled by different code pieces depending on the server php-fpm is running under. The code where this issue is found is used exclusively when php-fpm detects the request came through an nginx server.\nRed Hat Product Security team rated this issue as having a Critical security impact as an attacker may take advantage from the existing bug to cause Remote Code Execution on network exposed software.", "threat_severity": "Critical", "upstream_fix": "php 7.3.11, php 7.2.24, php 7.1.33"}