CVE-2019-11043
Underflow in PHP-FPM can lead to RCE
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
We have discovered 309,685 live websites that are affected by CVE-2019-11043.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 309,685 live websites (2.56% of PHP install base) |
Common Weakness Enumeration
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2019-11043 and the relative popularity of websitesDetails
- Published - Oct 22, 2019
- Updated - Jul 23, 2021
Credits
- Reported by Emil Lerner.
CWE
CVE References
CWE References
Countries
 United States | 45,982 websites |
 France | 109,986 websites |
 China | 21,771 websites |
 Russia | 14,895 websites |
 Netherlands | 11,849 websites |
 Japan | 10,955 websites |
 Germany | 9,092 websites |
 Italy | 7,469 websites |
 Poland | 6,342 websites |
 GB | 5,967 websites |
TLDs
| .com | 126,753 websites |
| .fr | 48,933 websites |
| .ru | 12,357 websites |
| .org | 11,441 websites |
| .net | 9,468 websites |
| .nl | 8,856 websites |
| .be | 6,201 websites |
| .de | 6,097 websites |
| .it | 5,291 websites |
| .pl | 4,985 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2019-11043 through included software libraries and plugins.References
- https://github.com/neex/phuip-fpizdam
- https://bugs.php.net/bug.php?id=78599
- https://usn.ubuntu.com/4166-1/
- https://www.debian.org/security/2019/dsa-4552
- https://www.debian.org/security/2019/dsa-4553
- https://usn.ubuntu.com/4166-2/
- https://support.f5.com/csp/article/K75408500?utm_source=f5support&%3Butm_medium=RSS
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/
- https://security.netapp.com/advisory/ntap-20191031-0003/
- https://access.redhat.com/errata/RHSA-2019:3286
- https://access.redhat.com/errata/RHSA-2019:3287
- https://access.redhat.com/errata/RHSA-2019:3299
- https://access.redhat.com/errata/RHSA-2019:3300
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html
- https://access.redhat.com/errata/RHSA-2019:3724
- https://access.redhat.com/errata/RHSA-2019:3735
- https://access.redhat.com/errata/RHSA-2019:3736
- https://www.synology.com/security/advisory/Synology_SA_19_36
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html
- https://support.apple.com/kb/HT210919
- https://seclists.org/bugtraq/2020/Jan/44
- http://seclists.org/fulldisclosure/2020/Jan/40
- https://access.redhat.com/errata/RHSA-2020:0322
- http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
- https://www.tenable.com/security/tns-2021-14
Websites affected by CVE-2019-11043
Top websites that are affected by CVE-2019-11043. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.cz |  Czech Republic | *,*** | |
| *.cn | China | *,*** | |
| ***.*.cn | China | *,*** | |
| *****.***.cn | China | *,*** | |
| ***.*****.***.cn | China | *,*** | |
| *****.cn | China | *,*** | |
| ***.*****.cn | China | *,*** | |
| ******.*********.com | China | *,*** | |
| ***.*********.com | China | *,*** | |
| *.***.cn | China | *,*** |