Lucene search
UbuntuUSN-4166-2HistoryOct 29, 2019 - 12:00 a.m.
PHP vulnerability
2019-10-2900:00:00
ubuntu.com
79
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.972
Percentile
99.9%
Releases
- Ubuntu 14.04 ESM
- Ubuntu 12.04
Packages
- php5 - HTML-embedded scripting language interpreter
Details
USN-4166-1 fixed a vulnerability in PHP. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that PHP incorrectly handled certain paths when being
used in FastCGI configurations. A remote attacker could possibly use this
issue to execute arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | libapache2-mod-php5 | < 5.5.9+dfsg-1ubuntu4.29+esm6 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libapache2-mod-php5 | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libapache2-mod-php5-dbgsym | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libapache2-mod-php5filter | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libapache2-mod-php5filter-dbgsym | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libphp5-embed | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libphp5-embed-dbgsym | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | php5-cgi | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | php5-cgi-dbgsym | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | php5-cli | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
References
Related
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Php
2019-11-11 11:29:54
Exploit for Out-of-bounds Write in Php
2019-10-28 15:31:34
Exploit for Out-of-bounds Write in Php
2019-10-24 09:09:01
threatpost
threatpost
WordPress Flaw Opens Millions of WooCommerce Shops to Takeover
2018-11-07 15:33:51
GoDaddy Shutters 15,000 Subdomains Tied to 'Snake Oil' Scams
2019-04-26 17:47:01
PHP Bug Allows Remote Code-Execution on NGINX Servers
2019-10-28 16:18:11
openvas
openvas
PHP 'CVE-2019-11043' FPM Remote Code Execution Vulnerability (Version Check)
2019-10-25 00:00:00
Fedora Update for php FEDORA-2019-4adc49a476
2020-01-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2819-1)
2021-06-09 00:00:00
f5
f5
K75408500 : PHP FPM vulnerability CVE-2019-11043
2019-10-30 00:00:00
redhat
redhat
(RHSA-2019:3287) Critical: php security update
2019-10-31 16:35:54
(RHSA-2020:0322) Critical: php:7.2 security update
2020-02-03 21:13:36
(RHSA-2019:3300) Critical: rh-php71-php security update
2019-11-01 12:22:29
oraclelinux
oraclelinux
php security update
2019-10-31 00:00:00
php security update
2019-10-31 00:00:00
php:7.2 security update
2019-11-23 00:00:00
nessus
nessus
CentOS 6 : php (CESA-2019:3287)
2019-11-04 00:00:00
Oracle Linux 6 : php (ELSA-2019-3287)
2019-11-04 00:00:00
SUSE SLES12 Security Update : php72 (SUSE-SU-2019:2909-1)
2019-11-07 00:00:00
packetstorm
packetstorm
PHP-FPM 7.x Remote Code Execution
2020-03-05 00:00:00
exploitpack
exploitpack
PHP-FPM + Nginx - Remote Code Execution
2019-10-28 00:00:00
redhatcve
redhatcve
CVE-2019-11043
2019-10-29 16:34:45
ubuntucve
ubuntucve
CVE-2019-11043
2019-10-24 00:00:00
thn
thn
Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks
2022-06-23 06:36:00
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
2019-10-26 19:03:00
rocky
rocky
php:7.3 security update
2019-11-06 13:15:46
php:7.2 security update
2019-11-06 13:15:34
altlinux
altlinux
Security fix for the ALT Linux 9 package php7 version 7.3.11-alt1
2019-12-04 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 7.3.11-alt1
2019-11-19 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 7.3.11-alt1
2019-11-19 00:00:00
alpinelinux
alpinelinux
CVE-2019-11043
2019-10-28 15:15:13
osv
osv
Critical: php:7.3 security update
2019-11-06 13:15:46
CVE-2019-11043
2019-10-28 15:15:13
php7.0 - security update
2019-10-28 00:00:00
debian
debian
[SECURITY] [DSA 4552-1] php7.0 security update
2019-10-28 21:35:53
[SECURITY] [DLA 1970-1] php5 security update
2019-10-26 15:16:10
[SECURITY] [DSA 4553-1] php7.3 security update
2019-10-28 21:36:30
prion
prion
Remote code execution
2019-10-28 15:15:00
archlinux
archlinux
[ASA-201910-14] php: arbitrary code execution
2019-10-25 00:00:00
almalinux
almalinux
Critical: php:7.2 security update
2019-11-06 13:15:34
Critical: php:7.3 security update
2019-11-06 13:15:46
metasploit
metasploit
PHP-FPM Underflow RCE
2020-01-20 19:07:34
checkpoint_advisories
checkpoint_advisories
PHP FastCGI Process Manager Remote Code Execution (CVE-2019-11043)
2019-10-27 00:00:00
gentoo
gentoo
PHP: Arbitrary code execution
2019-10-25 00:00:00
ibm
ibm
exploitdb
exploitdb
PHP-FPM + Nginx - Remote Code Execution
2019-10-28 00:00:00
PHP-FPM - Underflow Remote Code Execution (Metasploit)
2020-03-09 00:00:00
nvd
nvd
CVE-2019-11043
2019-10-28 15:15:13
centos
centos
php security update
2019-11-01 22:23:48
php security update
2019-11-01 22:31:56
zdt
zdt
PHP-FPM 7.x Remote Code Execution Exploit
2020-03-06 00:00:00
PHP-FPM + Nginx - Remote Code Execution Exploit
2019-10-29 00:00:00
symantec
symantec
PHP CVE-2019-11043 Remote Code Execution Vulnerability
2019-10-24 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-05-10 23:28:09
impervablog
impervablog
Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events
2019-10-30 11:03:17
The State of Vulnerabilities in 2019
2020-01-23 08:56:58
suse
suse
Security update for php7 (important)
2019-11-05 00:00:00
Security update for php7 (important)
2019-11-09 00:00:00
hackerone
hackerone
amazon
amazon
Critical: php
2019-10-31 20:28:00
Critical: php71, php72, php73, php56
2019-10-31 20:13:00
fedora
fedora
[SECURITY] Fedora 31 Update: php-7.3.11-1.fc31
2019-10-31 00:59:18
[SECURITY] Fedora 30 Update: php-7.3.11-1.fc30
2019-11-03 00:13:06
[SECURITY] Fedora 29 Update: php-7.2.24-1.fc29
2019-11-02 01:44:52
attackerkb
attackerkb
CVE-2019-11043
2019-10-28 00:00:00
debiancve
debiancve
CVE-2019-11043
2019-10-28 15:15:13
qualysblog
qualysblog
PHP Remote Code Execution Vulnerability (CVE-2019-11043)
2019-10-30 19:40:38
cisa_kev
cisa_kev
PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
2022-03-25 00:00:00
cvelist
cvelist
CVE-2019-11043 Underflow in PHP-FPM can lead to RCE
2019-10-28 14:19:04
ubuntu
ubuntu
PHP vulnerability
2019-10-28 00:00:00
freebsd
freebsd
php -- env_path_info underflow in fpm_main.c can lead to RCE
2019-10-24 00:00:00
mageia
mageia
Updated php and pcre2 packages fix security vulnerabilities
2019-10-29 17:54:30
cve
cve
CVE-2019-11043
2019-10-28 15:15:13
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.972
Percentile
99.9%
Related for USN-4166-2