[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] PHP-FPM and PHP-CGI - Denial of Service POC

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] PHP-FPM and PHP-CGI - Denial of Service POC
From: Vinny Troia <vinny@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 5 May 2014 17:56:08 -0500

When running under Apache or NGINX servers, the default (and/or commonly 
accepted) configurations of PHP-FPM and PHP-CGI (mod_fcgi) are easily 
susceptible to denial of service attacks. 

This attack effects Apache or NGINX web servers that handle dynamic PHP content 
using either PHP-CGI or PHP-FPM (which includes WordPress websites). In 
addition, the requests made by the attack will continue to keep the server’s 
resources in use far past the end of the attack. In the case where PHP-CGI is 
in use, the Apache processes will spawn and max out based on the serverLimit 
setting. It will take the web server a considerable amount of time to recover 
from this event. 

It is also important to note that this attack has the same premise as 
Slowloris. The main difference is that Slowloris focuses on eating up HTTP 
(apache) connections, while this attack focuses on eating up PHP-CGI or PHP-FPM 
connections (within either Apache or NGINX). 

Additional information and POC script download here: 
https://www.nightlionsecurity.com/blog/news/2014/04/phpstress-dos-attack-php-nginx-apache/


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities
Next by Date: Re: [FD] Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files
Previous by thread: [FD] CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities
Next by thread: [FD] Beginners error: Piriform's Crap Cleaner^W runs rogue program C:\Program.exe
Index(es):
- Date
- Thread