Nasty PHP7 remote code execution bug exploited in the wild

guest · Oct 26, 2019

Nasty PHP7 remote code execution bug exploited in the wild
New PHP7 bug CVE-2019-11043 can allow even non-technical attackers to take over servers
October 26, 2019
https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets.
The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build websites.

The issue, tracked as CVE-2019-11043, lets attackers run commands on servers just by accessing a specially-crafted URL.
Exploiting the bug is trivial, and public proof-of-concept exploit code has been published on GitHub earlier this week.
ONLY NGINX SERVERS AFFECTED
Fortunately, not all PHP-capable web servers are impacted. Only NGINX servers with PHP-FPM enabled are vulnerable.
[...] Nextcloud, who issued a security advisory to its clients on Thursday, October 24, urging customers to update PHP to the latest release, versions 7.3.11 and 7.2.24, which had been released on the same day and included fixes for CVE-2019-11043.
Click to expand...

This blog post from Wallarm, the company that found the PHP7 RCE, includes instructions on how webmasters can use the standard mod_security firewall utility to block %0a (newline) bytes in website URLs, and prevent any incoming attacks.
Click to expand...

Wallarm: PHP Remote Code Execution 0-Day Discovered in Real World CTF Exercise

Log in or Sign up

Nasty PHP7 remote code execution bug exploited in the wild

guest Guest

Log in or Sign up

Nasty PHP7 remote code execution bug exploited in the wild

guest Guest

Useful Searches