ASA-201910-14 - log back

ASA-201910-14 edited at 28 Oct 2019 10:20:21
Workaround
- If nginx and php-fpm share the same filesystem, one can first check the script actually exists, so the malicious request will never make it to php-fpm (it is usually done using something like `try_files $uri =404`). Or there may be cgi.fix_pathinfo=0 which will also prevent exploitation.
+ If nginx and php-fpm share the same filesystem, one can first check the
+ script actually exists, so the malicious request will never make it to
+ php-fpm (it is usually done using something like `try_files $uri
+ =404`). Or there may be cgi.fix_pathinfo=0 which will also prevent
+ exploitation.
ASA-201910-14 edited at 25 Oct 2019 12:08:04
Workaround
+ If nginx and php-fpm share the same filesystem, one can first check the script actually exists, so the malicious request will never make it to php-fpm (it is usually done using something like `try_files $uri =404`). Or there may be cgi.fix_pathinfo=0 which will also prevent exploitation.
Impact
+ A remote attacker is able to execute arbitrary code on the affected host by supplying %0a in the path info if php-fpm is used with a vulnerable nginx configuration.
ASA-201910-14 created at 25 Oct 2019 12:04:52