Bobcares
Client Area
Emergency Support
Latest | Server Management

CVE-2021-21703: Vulnerability in PHP-FPM | Resolved

by | Dec 31, 2021

CVE-2021-21703: Vulnerability in PHP-FPM giving you trouble?

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team recently helped out a customer with CVE-2021-21703: Vulnerability in PHP-FPM.

CVE-2021-21703: Vulnerability in PHP-FPM

The CVE-2021-21703 vulnerability is present in PHP versions 7.3.x including 7.3.31, 7.4.x lower than 7.4.25 as well as 8.0.x lower than 8.0.12. Furthermore, this vulnerability affects only PHP running in the PHP-FPM mode.

We can find fixes for the PHP versions 8.0, 7.4, 7.3, 7.2, 7.1, 7.0, and 5.6 by Plesk in the Updates section under Tools & Settings.

According to our Support Team, the PHP versions along with the fixes were released in October 2021. In other words, any builds with a timestamp 2110 or higher already contain the fix. We can verify this with these steps:

  1. First, we will connect to the server through SSH.
  2. Then, we can check the package build versions with these commands:
    • On the RedHat based OS: 
      # yum list installed | grep "php..\.x86_64"
plesk-php56.x86_64 5.6.40-centos7.21111012 @PLESK_17_PHP56
plesk-php70.x86_64 7.0.33-centos7.21110918 @PLESK_17_PHP70
plesk-php71.x86_64 7.1.33-1centos.7.211108.1944 @PLESK_17_PHP71
plesk-php72.x86_64 1:7.2.34-1centos.7.211108.1944 @PLESK_17_PHP72
plesk-php73.x86_64 1:7.3.32-1centos.7.211028.1754 @PLESK_17_PHP73
plesk-php74.x86_64 7.4.25-1centos.7.211025.1356 @PLESK_17_PHP74
plesk-php80.x86_64 8.0.12-1centos.7.211025.1356 @PLESK_17_PHP80
    • On the Debian based OS: 
      # dpkg -l | grep "plesk-php..\ "
ii plesk-php73 1:7.3.32-ubuntu.20.04.211028.1754 amd64 PHP scripting language for creating dynamic web sites
ii plesk-php74 7.4.25-ubuntu.20.04.211025.1356 amd64 PHP scripting language for creating dynamic web sites

       

[Looking for a solution to another query? We have your back.]

Conclusion

In short, the skilled Support Engineers at Bobcares demonstrated how to deal with CVE-2021-21703: Vulnerability in PHP-FPM.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

Related posts:

  1. How to install multiple PHP versions on VestaCP
  2. How to run additional PHP versions on Debian with ISPConfig
  3. Access files on DigitalOcean Droplet with ease
  4. IIS Website Configuration – Everything you need to focus

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. How to install multiple PHP versions on VestaCP
  2. How to run additional PHP versions on Debian with ISPConfig
  3. Access files on DigitalOcean Droplet with ease
  4. IIS Website Configuration – Everything you need to focus

Never again lose customers to poor
server speed! Let us help you.

GET STARTED