Insecure UNIX Socket Permissions in PHP FastCGI Process Manager (FPM)

Insecure UNIX Socket Permissions in PHP FastCGI Process Manager (FPM)

CVE-2014-0185 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

Learn more about our Api Penetration Testing.