A severe security flaw has been discovered in PHP, the popular server-side scripting language. This vulnerability, identified as CVE-2019-11043, allows attackers to execute arbitrary code on servers running PHP under certain configurations. The simplicity of the exploit coupled with the widespread use of PHP could have significant implications for web security.
Understanding the Vulnerability
The vulnerability affects PHP 7.x versions running on NGINX servers with the php-fpm extension enabled. It arises from improper processing of query string parameters by the affected PHP versions, allowing attackers to execute commands remotely on the server. This can occur through a specially crafted request to a target server, which then leads to arbitrary command execution if the conditions are met.
Detection and Impact
Detecting whether a system is vulnerable involves checking the PHP version and configuration settings such as the presence of php-fpm. The threat is particularly acute because it allows attackers to take complete control of the affected server, potentially leading to data theft, website defacement, and further network compromise.
Prevention and Mitigation
The primary solution is to update PHP to a version that patches this vulnerability, specifically PHP 7.2.24 or PHP 7.3.11. For those unable to upgrade immediately, employing a Web Application Firewall (WAF) with specific rules to block known malicious payloads can provide temporary protection. Qualys WAF, for example, offers predefined rules that can prevent the exploitation of this vulnerability by blocking suspicious request patterns.
The discovery of CVE-2019-11043 underscores the critical need for regular security audits and updates in server environments. System administrators and web developers should take immediate steps to patch affected systems and ensure that all security measures are up to date to protect against this and future vulnerabilities.
