CVE-2019-11043 — PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
2022-03-25 • CISA Known Exploited Vulnerability
[event] In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | PHP |
| Product | FastCGI Process Manager (FPM) |
| CWE | CWE-120 |
| CVE ID | CVE-2019-11043 |
| Date Added | 2022-03-25 |
| Due Date | 2022-04-15 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-04-15