Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

ASA-201910-14 - log back

ASA-201910-14 edited at 28 Oct 2019 10:20:21

Workaround

-	If nginx and php-fpm share the same filesystem, one can first check the script actually exists, so the malicious request will never make it to php-fpm (it is usually done using something like `try_files $uri =404`). Or there may be cgi.fix_pathinfo=0 which will also prevent exploitation.
+	If nginx and php-fpm share the same filesystem, one can first check the
+	script actually exists, so the malicious request will never make it to
+	php-fpm (it is usually done using something like `try_files $uri
+	=404`). Or there may be cgi.fix_pathinfo=0 which will also prevent
+	exploitation.

ASA-201910-14 edited at 25 Oct 2019 12:08:04

Workaround

+	If nginx and php-fpm share the same filesystem, one can first check the script actually exists, so the malicious request will never make it to php-fpm (it is usually done using something like `try_files $uri =404`). Or there may be cgi.fix_pathinfo=0 which will also prevent exploitation.

Impact

+	A remote attacker is able to execute arbitrary code on the affected host by supplying %0a in the path info if php-fpm is used with a vulnerable nginx configuration.

ASA-201910-14 created at 25 Oct 2019 12:04:52