Lucene search
UbuntuUSN-4166-2HistoryOct 29, 2019 - 12:00 a.m.
PHP vulnerability
2019-10-2900:00:00
ubuntu.com
74
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
Releases
- Ubuntu 14.04 ESM
- Ubuntu 12.04
Packages
- php5 - HTML-embedded scripting language interpreter
Details
USN-4166-1 fixed a vulnerability in PHP. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that PHP incorrectly handled certain paths when being
used in FastCGI configurations. A remote attacker could possibly use this
issue to execute arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | libapache2-mod-php5 | < 5.5.9+dfsg-1ubuntu4.29+esm6 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libapache2-mod-php5 | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libapache2-mod-php5-dbgsym | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libapache2-mod-php5filter | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libapache2-mod-php5filter-dbgsym | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libphp5-embed | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libphp5-embed-dbgsym | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | php5-cgi | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | php5-cgi-dbgsym | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
| Ubuntu | 14.04 | noarch | php5-cli | < 5.5.9+dfsg-1ubuntu4.29 | UNKNOWN |
References
Related
checkpoint_advisories
checkpoint_advisories
PHP FastCGI Process Manager Remote Code Execution (CVE-2019-11043)
2019-10-27 00:00:00
nessus
nessus
NewStart CGSL CORE 5.05 / MAIN 5.05 : php Vulnerability (NS-SA-2020-0001)
2020-01-20 00:00:00
Fedora 31 : php (2019-4adc49a476)
2019-10-31 00:00:00
Debian DLA-1970-1 : php5 security update
2019-10-28 00:00:00
thn
thn
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
2019-10-26 19:03:00
Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks
2022-06-23 06:36:00
osv
osv
Critical: php:7.2 security update
2019-11-06 13:15:34
Critical: php:7.3 security update
2019-11-06 13:15:46
CVE-2019-11043
2019-10-28 15:15:13
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Php
2019-10-30 10:22:41
Exploit for Out-of-bounds Write in Php
2019-10-23 23:26:57
Exploit for Out-of-bounds Write in Php
2019-11-06 14:53:13
ibm
ibm
gentoo
gentoo
PHP: Arbitrary code execution
2019-10-25 00:00:00
centos
centos
php security update
2019-11-01 22:23:48
php security update
2019-11-01 22:31:56
redhat
redhat
(RHSA-2019:3286) Critical: php security update
2019-10-31 16:35:03
(RHSA-2019:3724) Critical: rh-php70-php security update
2019-11-06 09:11:17
(RHSA-2019:3735) Critical: php:7.2 security update
2019-11-06 13:15:34
openvas
openvas
Debian: Security Advisory (DSA-4552-1)
2019-10-30 00:00:00
CentOS Update for php CESA-2019:3287 centos6
2019-11-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2819-1)
2021-06-09 00:00:00
symantec
symantec
PHP CVE-2019-11043 Remote Code Execution Vulnerability
2019-10-24 00:00:00
zdt
zdt
PHP-FPM 7.x Remote Code Execution Exploit
2020-03-06 00:00:00
PHP-FPM + Nginx - Remote Code Execution Exploit
2019-10-29 00:00:00
rocky
rocky
php:7.2 security update
2019-11-06 13:15:34
php:7.3 security update
2019-11-06 13:15:46
altlinux
altlinux
Security fix for the ALT Linux 9 package php7 version 7.3.11-alt1
2019-12-04 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 7.3.11-alt1
2019-11-19 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 7.3.11-alt1
2019-11-19 00:00:00
exploitpack
exploitpack
PHP-FPM + Nginx - Remote Code Execution
2019-10-28 00:00:00
packetstorm
packetstorm
PHP-FPM 7.x Remote Code Execution
2020-03-05 00:00:00
threatpost
threatpost
WordPress Flaw Opens Millions of WooCommerce Shops to Takeover
2018-11-07 15:33:51
GoDaddy Shutters 15,000 Subdomains Tied to 'Snake Oil' Scams
2019-04-26 17:47:01
PHP Bug Allows Remote Code-Execution on NGINX Servers
2019-10-28 16:18:11
oraclelinux
oraclelinux
php security update
2019-10-31 00:00:00
php security update
2019-10-31 00:00:00
php:7.3 security update
2019-11-23 00:00:00
redhatcve
redhatcve
CVE-2019-11043
2019-10-29 16:34:45
debian
debian
[SECURITY] [DSA 4552-1] php7.0 security update
2019-10-28 21:35:53
[SECURITY] [DLA 1970-1] php5 security update
2019-10-26 15:16:10
[SECURITY] [DSA 4553-1] php7.3 security update
2019-10-28 21:36:30
ubuntucve
ubuntucve
CVE-2019-11043
2019-10-24 00:00:00
alpinelinux
alpinelinux
CVE-2019-11043
2019-10-28 15:15:00
f5
f5
K75408500 : PHP FPM vulnerability CVE-2019-11043
2019-10-30 00:00:00
prion
prion
Remote code execution
2019-10-28 15:15:00
archlinux
archlinux
[ASA-201910-14] php: arbitrary code execution
2019-10-25 00:00:00
almalinux
almalinux
Critical: php:7.2 security update
2019-11-06 13:15:34
Critical: php:7.3 security update
2019-11-06 13:15:46
impervablog
impervablog
Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events
2019-10-30 11:03:17
The State of Vulnerabilities in 2019
2020-01-23 08:56:58
veracode
veracode
Remote Code Execution (RCE)
2020-05-10 23:28:09
fedora
fedora
[SECURITY] Fedora 31 Update: php-7.3.11-1.fc31
2019-10-31 00:59:18
[SECURITY] Fedora 30 Update: php-7.3.11-1.fc30
2019-11-03 00:13:06
[SECURITY] Fedora 29 Update: php-7.2.24-1.fc29
2019-11-02 01:44:52
hackerone
hackerone
attackerkb
attackerkb
CVE-2019-11043
2019-10-28 00:00:00
suse
suse
Security update for php7 (important)
2019-11-05 00:00:00
Security update for php7 (important)
2019-11-09 00:00:00
qualysblog
qualysblog
PHP Remote Code Execution Vulnerability (CVE-2019-11043)
2019-10-30 19:40:38
amazon
amazon
Critical: php
2019-10-31 20:28:00
Critical: php71, php72, php73, php56
2019-10-31 20:13:00
debiancve
debiancve
CVE-2019-11043
2019-10-28 15:15:00
ubuntu
ubuntu
PHP vulnerability
2019-10-28 00:00:00
freebsd
freebsd
php -- env_path_info underflow in fpm_main.c can lead to RCE
2019-10-24 00:00:00
cisa_kev
cisa_kev
PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
2022-03-25 00:00:00
mageia
mageia
Updated php and pcre2 packages fix security vulnerabilities
2019-10-29 17:54:30
cve
cve
CVE-2019-11043
2019-10-28 15:15:00
exploitdb
exploitdb
PHP-FPM + Nginx - Remote Code Execution
2019-10-28 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
Related for USN-4166-2