PHP-FPM Vulnerability - upgrade now!

bigredseo

HD Community Advisor
Staff member
Over the past week, there's been a lot of news on servers running PHP-FPM (FastCGI Process Manager) - and that's pretty much everyone who is running PHP these days - including NGINX.

If you're running versions 7.3.31, 7.4.24 or 8.0.11 or below, it's time to upgrade and protect the server to avoid a privilege escalation vulnerability.

I guess the good news is that all the lazy hosts out there that have not upgraded to even 7.2 do not have this specific exploit to worry about... That said, that reached EOL at the end of 202, and 7.3 is reaching EOL here in 2 months.

As server owners, it's easy to verify FastCGI, but as end-users, the process is a few more steps:
  1. Upload a phpinfo.php file
  2. Check under "Server API" (4th line) and see if it says "PHP-FPM"
  3. If using NGINX, it may just say "Apache 2.0 Handler"
  4. Search the page for "SAPI Modules", FastCGI might be listed there
If enabled, then make sure that the version of PHP is updated to a version higher than I have listed above.

Of course, if your PHP version is out of date, you should upgrade via your control panel if possible, or notify the hosting company to get the server updated ASAP.

Web Host owners ---- get to work! Grab the latest patch and restart servers as necessary!
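
A scripted version of the end-user check above, as an added example that is not part of the original post: it reports the Server API and compares the running PHP version with the three versions the post lists. The file name `fpmcheck.php` and the function `classify_version()` are assumptions made for this example.

```php
<?php
// Added example, not from the original post. Upload as fpmcheck.php
// (hypothetical name), load it once in a browser, then delete it.

// Versions quoted in the post: a release on one of these branches that is
// at or below the listed version needs upgrading.
const POST_THRESHOLDS = [
    '7.3' => '7.3.31',
    '7.4' => '7.4.24',
    '8.0' => '8.0.11',
];

// Classify a version string as 'upgrade', 'newer' or 'not-listed'.
function classify_version(string $version): string
{
    // Keep major.minor.patch only; drops distro suffixes such as "-1ubuntu1".
    if (!preg_match('/^(\d+)\.(\d+)\.(\d+)/', $version, $m)) {
        return 'not-listed';
    }
    $branch = $m[1] . '.' . $m[2];
    $clean  = $branch . '.' . $m[3];
    if (!array_key_exists($branch, POST_THRESHOLDS)) {
        return 'not-listed';
    }
    return version_compare($clean, POST_THRESHOLDS[$branch], '<=')
        ? 'upgrade'
        : 'newer';
}

// php_sapi_name() returns "fpm-fcgi" when the request is served by PHP-FPM.
$sapi   = php_sapi_name();
$status = classify_version(PHP_VERSION);

header('Content-Type: text/plain');
echo 'Server API : ', $sapi, ($sapi === 'fpm-fcgi' ? ' (PHP-FPM)' : ' (not PHP-FPM)'), "\n";
echo 'PHP version: ', PHP_VERSION, "\n";

if ($status === 'upgrade') {
    echo "Result     : at or below a version listed in the post, upgrade.\n";
} elseif ($status === 'newer') {
    echo "Result     : newer than the version listed for this branch.\n";
} else {
    echo "Result     : branch is not one of the three the post lists.\n";
}
```

Like phpinfo.php, this page discloses the exact PHP version, so remove it from the site as soon as you have the answer.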
