Re: PHP FPM issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 10/31/19 10:49 AM, Thomas Stephen Lee wrote:

Hi,

what is the workaround for this?

https://www.nginx.com/blog/php-fpm-cve-2019-11043-vulnerability-nginx/

in either CentOS 7 or 8 ?

thanks

---
Thomas Stephen Lee
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


The simplest is to conditionally set PATH_INFO if it's not empty:

fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
Another option is to explicitly test whether the fastcgi script path exists : 

if (!-f $document_root$fastcgi_script_name) {
                                return 404;
}

--
Marius

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux