Lucene search
UbuntuUSN-4166-1HistoryOct 28, 2019 - 12:00 a.m.
PHP vulnerability
2019-10-2800:00:00
ubuntu.com
201
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
Releases
- Ubuntu 19.10
- Ubuntu 19.04
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- php7.0 - HTML-embedded scripting language interpreter
- php7.2 - HTML-embedded scripting language interpreter
- php7.3 - HTML-embedded scripting language interpreter
Details
It was discovered that PHP incorrectly handled certain paths when being
used in FastCGI configurations. A remote attacker could possibly use this
issue to execute arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 19.10 | noarch | libapache2-mod-php7.3 | < 7.3.11-0ubuntu0.19.10.1 | UNKNOWN |
| Ubuntu | 19.10 | noarch | libapache2-mod-php7.3-dbgsym | < 7.3.11-0ubuntu0.19.10.1 | UNKNOWN |
| Ubuntu | 19.10 | noarch | libphp7.3-embed | < 7.3.11-0ubuntu0.19.10.1 | UNKNOWN |
| Ubuntu | 19.10 | noarch | libphp7.3-embed-dbgsym | < 7.3.11-0ubuntu0.19.10.1 | UNKNOWN |
| Ubuntu | 19.10 | noarch | php7.3 | < 7.3.11-0ubuntu0.19.10.1 | UNKNOWN |
| Ubuntu | 19.10 | noarch | php7.3-bcmath | < 7.3.11-0ubuntu0.19.10.1 | UNKNOWN |
| Ubuntu | 19.10 | noarch | php7.3-bcmath-dbgsym | < 7.3.11-0ubuntu0.19.10.1 | UNKNOWN |
| Ubuntu | 19.10 | noarch | php7.3-bz2 | < 7.3.11-0ubuntu0.19.10.1 | UNKNOWN |
| Ubuntu | 19.10 | noarch | php7.3-bz2-dbgsym | < 7.3.11-0ubuntu0.19.10.1 | UNKNOWN |
| Ubuntu | 19.10 | noarch | php7.3-cgi | < 7.3.11-0ubuntu0.19.10.1 | UNKNOWN |
References
Related
osv
osv
Critical: php:7.3 security update
2019-11-06 13:15:46
CVE-2019-11043
2019-10-28 15:15:13
Critical: php:7.2 security update
2019-11-06 13:15:34
exploitpack
exploitpack
PHP-FPM + Nginx - Remote Code Execution
2019-10-28 00:00:00
threatpost
threatpost
WordPress Flaw Opens Millions of WooCommerce Shops to Takeover
2018-11-07 15:33:51
GoDaddy Shutters 15,000 Subdomains Tied to 'Snake Oil' Scams
2019-04-26 17:47:01
PHP Bug Allows Remote Code-Execution on NGINX Servers
2019-10-28 16:18:11
nessus
nessus
CentOS 6 : php (CESA-2019:3287)
2019-11-04 00:00:00
EulerOS 2.0 SP8 : php (EulerOS-SA-2019-2295)
2019-11-27 00:00:00
Oracle Linux 8 : php:7.2 (ELSA-2019-3735)
2019-11-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package php7 version 7.3.11-alt1
2019-12-04 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 7.3.11-alt1
2019-11-19 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 7.3.11-alt1
2019-11-19 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Php
2019-11-11 11:29:54
Exploit for Out-of-bounds Write in Php
2019-10-28 15:31:34
Exploit for Out-of-bounds Write in Php
2019-11-06 15:44:47
redhatcve
redhatcve
CVE-2019-11043
2019-10-29 16:34:45
debian
debian
[SECURITY] [DSA 4552-1] php7.0 security update
2019-10-28 21:35:53
[SECURITY] [DLA 1970-1] php5 security update
2019-10-26 15:16:10
[SECURITY] [DSA 4553-1] php7.3 security update
2019-10-28 21:36:30
f5
f5
K75408500 : PHP FPM vulnerability CVE-2019-11043
2019-10-30 00:00:00
redhat
redhat
(RHSA-2019:3287) Critical: php security update
2019-10-31 16:35:54
(RHSA-2020:0322) Critical: php:7.2 security update
2020-02-03 21:13:36
(RHSA-2019:3300) Critical: rh-php71-php security update
2019-11-01 12:22:29
oraclelinux
oraclelinux
php security update
2019-10-31 00:00:00
php security update
2019-10-31 00:00:00
php:7.3 security update
2019-11-23 00:00:00
packetstorm
packetstorm
PHP-FPM 7.x Remote Code Execution
2020-03-05 00:00:00
thn
thn
Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks
2022-06-23 06:36:00
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
2019-10-26 19:03:00
ubuntucve
ubuntucve
CVE-2019-11043
2019-10-24 00:00:00
rocky
rocky
php:7.3 security update
2019-11-06 13:15:46
php:7.2 security update
2019-11-06 13:15:34
alpinelinux
alpinelinux
CVE-2019-11043
2019-10-28 15:15:00
openvas
openvas
PHP 'CVE-2019-11043' FPM Remote Code Execution Vulnerability (Version Check)
2019-10-25 00:00:00
Fedora Update for php FEDORA-2019-4adc49a476
2020-01-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2819-1)
2021-06-09 00:00:00
prion
prion
Remote code execution
2019-10-28 15:15:00
archlinux
archlinux
[ASA-201910-14] php: arbitrary code execution
2019-10-25 00:00:00
almalinux
almalinux
Critical: php:7.2 security update
2019-11-06 13:15:34
Critical: php:7.3 security update
2019-11-06 13:15:46
checkpoint_advisories
checkpoint_advisories
PHP FastCGI Process Manager Remote Code Execution (CVE-2019-11043)
2019-10-27 00:00:00
ibm
ibm
zdt
zdt
PHP-FPM 7.x Remote Code Execution Exploit
2020-03-06 00:00:00
PHP-FPM + Nginx - Remote Code Execution Exploit
2019-10-29 00:00:00
symantec
symantec
PHP CVE-2019-11043 Remote Code Execution Vulnerability
2019-10-24 00:00:00
gentoo
gentoo
PHP: Arbitrary code execution
2019-10-25 00:00:00
centos
centos
php security update
2019-11-01 22:23:48
php security update
2019-11-01 22:31:56
impervablog
impervablog
Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events
2019-10-30 11:03:17
The State of Vulnerabilities in 2019
2020-01-23 08:56:58
veracode
veracode
Remote Code Execution (RCE)
2020-05-10 23:28:09
fedora
fedora
[SECURITY] Fedora 31 Update: php-7.3.11-1.fc31
2019-10-31 00:59:18
[SECURITY] Fedora 30 Update: php-7.3.11-1.fc30
2019-11-03 00:13:06
[SECURITY] Fedora 29 Update: php-7.2.24-1.fc29
2019-11-02 01:44:52
hackerone
hackerone
suse
suse
Security update for php7 (important)
2019-11-05 00:00:00
Security update for php7 (important)
2019-11-09 00:00:00
attackerkb
attackerkb
CVE-2019-11043
2019-10-28 00:00:00
amazon
amazon
Critical: php
2019-10-31 20:28:00
Critical: php71, php72, php73, php56
2019-10-31 20:13:00
qualysblog
qualysblog
PHP Remote Code Execution Vulnerability (CVE-2019-11043)
2019-10-30 19:40:38
debiancve
debiancve
CVE-2019-11043
2019-10-28 15:15:00
freebsd
freebsd
php -- env_path_info underflow in fpm_main.c can lead to RCE
2019-10-24 00:00:00
cisa_kev
cisa_kev
PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
2022-03-25 00:00:00
mageia
mageia
Updated php and pcre2 packages fix security vulnerabilities
2019-10-29 17:54:30
cve
cve
CVE-2019-11043
2019-10-28 15:15:00
ubuntu
ubuntu
PHP vulnerability
2019-10-29 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
Related for USN-4166-1