Nasty PHP7 remote code execution bug exploited in the wild (Nextcloud specifically called out)
-
-
Dam but it only affects NGINX with PHP-FPM
I thought FPM should be more secure cause it allows PHP to run standalone, but at the same time I dont know why it is PHP vulnerability since it only affects Nginx with FPM and not Apache with FPM, if i was fair man i would put the blame 50/50
-
@Emad-R said in Nasty PHP7 remote code execution bug exploited in the wild (Nextcloud specifically called out):
Dam but it only affects NGINX with PHP-FPM
I thought FPM should be more secure cause it allows PHP to run standalone, but at the same time I dont know why it is PHP vulnerability since it only affects Nginx, if i was fair man i would put the blame 50/50
Who manages php-fpm? Because if it’s PHP then they should get all or at least more than 50% of the blame.
-
This is specifically calling out Nextcloud setup with Nginx as the webserver?
-
@Emad-R said in Nasty PHP7 remote code execution bug exploited in the wild (Nextcloud specifically called out):
I thought FPM should be more secure cause it allows PHP to run standalone
Just because a model is more secure, doesn't mean that a bug won't expose it.
-
@JaredBusch said in Nasty PHP7 remote code execution bug exploited in the wild (Nextcloud specifically called out):
This is specifically calling out Nextcloud setup with Nginx as the webserver?
From a quick browse, it looks like it could affect nginx proxies as well.
-
From Fedora 30, installing
php. PHP-FPM is a weak dependencies for php and also nginx-filesystem gets installed too.
-
@black3dynamite said in Nasty PHP7 remote code execution bug exploited in the wild (Nextcloud specifically called out):
From Fedora 30, installing
php. PHP-FPM is a weak dependencies for php and also nginx-filesystem gets installed too.
haha weak dependency, no body called me that in years.
