Vulnerability Details : CVE-2019-11043
Public exploit exists!
Used for ransomware!
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11, in certain configurations of the FPM setup, it is possible to cause the FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Vulnerability category: Execute code
Products affected by CVE-2019-11043
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:* (listed three times on the original page, one entry per affected branch: 7.1.x before 7.1.33, 7.2.x before 7.2.24 and 7.3.x before 7.3.11)
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
Threat overview for CVE-2019-11043
- Top countries where our scanners detected CVE-2019-11043: (chart)
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2019-11043: 171,989
- Threat actors abusing this issue? Yes
CVE-2019-11043 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
- CISA vulnerability name: PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
- CISA required action: Apply updates per vendor instructions.
- CISA description: In some versions of PHP, in certain configurations of the FPM setup, it is possible to cause the FPM module to write past allocated buffers, allowing the possibility of remote code execution.
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-11043
- Added on: 2022-03-25
- Action due date: 2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2019-11043
- EPSS score: 96.86% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~100% (the proportion of vulnerabilities scored at or below this one)
- EPSS score history: (chart)
Metasploit modules for CVE-2019-11043
- PHP-FPM Underflow RCE
  - Disclosure date: 2019-10-22
  - First seen: 2020-04-26
  - Module: exploit/multi/http/php_fpm_rce
  - Description: This module exploits an underflow vulnerability in versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exp
CVSS scores for CVE-2019-11043

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
| 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
| 8.7 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N | 2.2 | 5.8 | PHP Group | |
CWE ids for CVE-2019-11043
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. (Assigned by: security@php.net, Secondary)
- The product writes data past the end, or before the beginning, of the intended buffer. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2019-11043
- http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
  PHP-FPM 7.x Remote Code Execution ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/
  [SECURITY] Fedora 29 Update: php-7.2.24-1.fc29 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://www.tenable.com/security/tns-2021-14
  [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/
  [SECURITY] Fedora 31 Update: php-7.3.11-1.fc31 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/4166-2/
  USN-4166-2: PHP vulnerability | Ubuntu security notices (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:3300
  RHSA-2019:3300 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:3299
  RHSA-2019:3299 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://seclists.org/fulldisclosure/2020/Jan/40
  Full Disclosure: APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra (Mailing List; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:3287
  RHSA-2019:3287 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20191031-0003/
  CVE-2019-11043 PHP Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://www.debian.org/security/2019/dsa-4553
  Debian -- Security Information -- DSA-4553-1 php7.3 (Mailing List; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:3286
  RHSA-2019:3286 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://bugs.php.net/bug.php?id=78599
  PHP :: Sec Bug #78599 :: env_path_info underflow in fpm_main.c can lead to RCE (Exploit; Issue Tracking; Patch; Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html
  [security-announce] openSUSE-SU-2019:2457-1: important: Security update (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html
  [security-announce] openSUSE-SU-2019:2441-1: important: Security update (Mailing List; Third Party Advisory)
- https://www.synology.com/security/advisory/Synology_SA_19_36
  Synology Inc. (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/
  [SECURITY] Fedora 30 Update: php-7.3.11-1.fc30 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://support.f5.com/csp/article/K75408500?utm_source=f5support&utm_medium=RSS
  PHP FPM vulnerability CVE-2019-11043 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2020:0322
  RHSA-2020:0322 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:3736
  RHSA-2019:3736 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://www.debian.org/security/2019/dsa-4552
  Debian -- Security Information -- DSA-4552-1 php7.0 (Mailing List; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:3735
  RHSA-2019:3735 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://usn.ubuntu.com/4166-1/
  USN-4166-1: PHP vulnerability | Ubuntu security notices (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:3724
  RHSA-2019:3724 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://github.com/neex/phuip-fpizdam
  GitHub - neex/phuip-fpizdam: Exploit for CVE-2019-11043 (Exploit; Third Party Advisory)
- https://support.apple.com/kb/HT210919
  About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra - Apple Support (Third Party Advisory)
- https://seclists.org/bugtraq/2020/Jan/44
  Bugtraq: APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra (Mailing List; Third Party Advisory)