| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <BA24F804-ED4F-49FC-8C26-CC33438BAA1D@nightlionsecurity.com> Date: Mon, 5 May 2014 17:56:08 -0500 From: Vinny Troia <vinny@...htlionsecurity.com> To: fulldisclosure@...lists.org Subject: [FD] PHP-FPM and PHP-CGI - Denial of Service POC When running under Apache or NGINX servers, the default (and/or commonly accepted) configurations of PHP-FPM and PHP-CGI (mod_fcgi) are easily susceptible to denial of service attacks. This attack effects Apache or NGINX web servers that handle dynamic PHP content using either PHP-CGI or PHP-FPM (which includes WordPress websites). In addition, the requests made by the attack will continue to keep the server’s resources in use far past the end of the attack. In the case where PHP-CGI is in use, the Apache processes will spawn and max out based on the serverLimit setting. It will take the web server a considerable amount of time to recover from this event. It is also important to note that this attack has the same premise as Slowloris. The main difference is that Slowloris focuses on eating up HTTP (apache) connections, while this attack focuses on eating up PHP-CGI or PHP-FPM connections (within either Apache or NGINX). Additional information and POC script download here: https://www.nightlionsecurity.com/blog/news/2014/04/phpstress-dos-attack-php-nginx-apache/ _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists