Discussion - CVE-2019-11043 - PHP-FPM Could Lead to Remote Code Execution on nginx


Just a follow up to the temp fix. You can keep access from a specific IP via the following.

sudo ufw insert 1 allow from <IP> to any port 443
sudo ufw insert 2 deny 443

You can remove these rules via:

sudo ufw status numbered
sudo ufw delete 1
sudo ufw delete 2

root@box:~# ufw insert 2 deny 443
Skipping inserting existing rule
Skipping inserting existing rule (v6)

Not working as you showed.

It appears that you need to sudo ufw status numbered
then delete the two rules for port 443 using sudo ufw delete # once for each appearance …
then you can do
sudo ufw insert 2 deny 443
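The procedure in this reply, as an added shell example that is not from the thread: it parses a constructed `ufw status numbered` listing, emits the deletes for every port 443 rule highest-number-first (ufw renumbers the remaining rules after each delete, so deleting from the top down keeps the numbers valid), then re-applies the allow/deny pair. It only prints the commands for review; the IP and rule listing are made up.

```shell
#!/bin/sh
# Constructed sample of `sudo ufw status numbered` output (not from a real host).
UFW_SAMPLE='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 443                        ALLOW IN    203.0.113.10
[ 2] 443                        DENY IN     Anywhere
[ 3] 22/tcp                     ALLOW IN    Anywhere
[ 4] 443                        DENY IN     Anywhere (v6)
'

# Print the number of every rule whose "To" column is the given port
# (bare or with a /proto suffix), highest first.
rule_numbers_for_port() {
    port="$1"
    printf '%s\n' "$UFW_SAMPLE" |
        sed -n 's/^\[ *\([0-9][0-9]*\)\] *\([^ ]*\) .*/\1 \2/p' |
        awk -v p="$port" '$2 == p || $2 ~ "^" p "/" { print $1 }' |
        sort -rn
}

# One `ufw --force delete N` per matching rule, in an order that stays
# valid as ufw renumbers after each deletion.
delete_commands_for_port() {
    for n in $(rule_numbers_for_port "$1"); do
        printf 'ufw --force delete %s\n' "$n"
    done
}

# Full sequence from the reply: clear the old 443 rules, then re-insert
# the allow-from-one-IP rule ahead of the deny.  $1 is the IP to keep.
mitigation_commands() {
    delete_commands_for_port 443
    printf 'ufw insert 1 allow from %s to any port 443\n' "$1"
    printf 'ufw insert 2 deny 443\n'
}

mitigation_commands 203.0.113.10
```

Pipe the output to `sudo sh` only after checking that the rule numbers match your own `ufw status numbered`.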

Mitigation info from NextCloud: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/

@JoshData have you considered switching to the PPA? It’s at 7.2.24.


We stick with stock Ubuntu packages as much as possible to minimize the “attack surface,” the ways that an attacker could compromise a system.