Full Disclosure mailing list archives
PHP-FPM and PHP-CGI - Denial of Service POC
From: Vinny Troia <vinny () nightlionsecurity com>
Date: Mon, 5 May 2014 17:56:08 -0500
When running under Apache or NGINX servers, the default (and/or commonly accepted) configurations of PHP-FPM and PHP-CGI (mod_fcgi) are easily susceptible to denial of service attacks. This attack effects Apache or NGINX web servers that handle dynamic PHP content using either PHP-CGI or PHP-FPM (which includes WordPress websites). In addition, the requests made by the attack will continue to keep the server’s resources in use far past the end of the attack. In the case where PHP-CGI is in use, the Apache processes will spawn and max out based on the serverLimit setting. It will take the web server a considerable amount of time to recover from this event. It is also important to note that this attack has the same premise as Slowloris. The main difference is that Slowloris focuses on eating up HTTP (apache) connections, while this attack focuses on eating up PHP-CGI or PHP-FPM connections (within either Apache or NGINX). Additional information and POC script download here: https://www.nightlionsecurity.com/blog/news/2014/04/phpstress-dos-attack-php-nginx-apache/ _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- PHP-FPM and PHP-CGI - Denial of Service POC Vinny Troia (May 05)