Skip to main content
All vulnerabilities
CVE-2019-11043 Known ransomware use

PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability

PHPFastCGI Process Manager (FPM)

Added to KEV catalog
25 March 2022
Federal remediation due date
15 April 2022
Weakness classification (CWE)
CWE-120

CISA Description

In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.

Required action

Apply updates per vendor instructions.

Notes

https://nvd.nist.gov/vuln/detail/CVE-2019-11043

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services