PHP-FPM Status Page - Vulnerability Database

PHP-FPM Status Page

Description

PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation. PHP-FPM has a feature that allows setting up a status page to view that status of a PHP-FPM pool, configurable using the option pm.status_path.

On this server the PHP-FPM Status Page is publicly accessible. For security reasons, its recommended to keep your PHP-FPM status page private.

Remediation

For security reasons, its recommended to keep your PHP-FPM status page private. You can restrict access to certain IP addresses by using the <strong>allow</strong> keyword as shown below: <pre> location ~ ^/(status|ping)$ { access_log off; allow 127.0.0.1; allow 1.2.3.4#your-ip; deny all; include fastcgi_params; fastcgi_pass 127.0.0.1:9000; } </pre>

References

PHP-FPM Status Page

Related Vulnerabilities

Severity

Medium

Classification

CWE-200

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

PHP-FPM Status Page

Description

Remediation

References

Related Vulnerabilities

Severity

Classification

Tags