Dashboard Toolbox - VM DASHBOARD BETA: PHP RCE Vulnerability (CVE-2019-11043)

Document created by DMFezzaReed Employee on Nov 5, 2019Last modified by DMFezzaReed Employee on Nov 7, 2019
Version 4Show Document
  • View in full screen mode

Attached JSON file updated Nov 07, 2019. by DMFezzaReed

This page contains information to create a PHP RCE Vulnerability (CVE-2019-11043) VM Dashboard leveraging data in your Qualys Vulnerability Management subscription. 

 

 

 

As of this posting, the following QIDs are associated with this vulnerability:

 

 

 

 

 

 

Should any additional QIDs be added for CVE-2019-11043, please refer to "How to Update this Dashboard" section below.

 

 

 

Note: More QIDs to follow as vendor confirm and release updates for their distros

 

 

 

 

Related Qualys Blog Post: PHP Remote Code Execution Vulnerability (CVE-2019-11043) 

 

 

 

 

 

The widgets in this dashboard are based on the following base query:

 

 

 

 

 

VULNERABILITY: 

 

 

 

CVE-2019-11043 QIDs:

vulnerabilities.vulnerability.qid:87400
vulnerabilities.vulnerability.qid:150270
vulnerabilities.vulnerability.qid:158141
vulnerabilities.vulnerability.qid:158142
vulnerabilities.vulnerability.qid:172687
vulnerabilities.vulnerability.qid:177426
vulnerabilities.vulnerability.qid:177444
vulnerabilities.vulnerability.qid:177445

Not included in the dashboard json, but can be added if needed:

vulnerabilities.vulnerability.qid:197678
vulnerabilities.vulnerability.qid:237728
vulnerabilities.vulnerability.qid:237729
vulnerabilities.vulnerability.qid:351747
vulnerabilities.vulnerability.qid:351748


vulnerabilities.vulnerability:(qid:`87400` OR qid:`150270` OR qid:`158141` OR qid:`158142` OR qid:`172687` OR qid:`177426` OR qid:`177444` OR qid:`177445` OR qid:`197678` OR qid:`237728` OR qid:`237729` OR qid:`351747` OR qid:`351748`)


vulnerabilities.vulnerability.cveIds:`CVE-2019-11043`

 

 

 

 

 

VULNERABILITY: These QIDs provide supporting details related to the QIDs above:

 

 

 

Unix Authentication Method: vulnerabilities.vulnerability.qid:38307

Unix Authentication Not Attempted: vulnerabilities.vulnerability.qid:105297

Unix Authentication Failed: vulnerabilities.vulnerability.qid:105053

Unix Authentication Timeout Occurred: vulnerabilities.vulnerability.qid:115263


Paired each of the above with the operatingSystem tokens below to narrow results:

operatingSystem:amazon linux
operatingSystem:debian
operatingSystem:oracle
operatingSystem:red hat
operatingSystem:suse
operatingSystem:ubuntu

 

 

 

 

 

ASSET:

 

 

 

trackingMethod:IP
trackingMethod:QAGENT
aws.ec2.instanceState:"RUNNING"
azure.vm.state:"RUNNING"
provider:"GCP"

 

 

 

Consider the possibilities for this dashboard.  It could be updated to report by status (vulnerabilities.status: [NEW,ACTIVE,REOPENED,FIXED]), or patchable vs. configuration (vulnerabilities.vulnerability.patchAvailable: TRUE/FALSE).  For examples of widgets using these tokens, please visit Dashboard Toolbox - Top 10 Vulnerabilities Scorecard BETA.

 

 

 

IMPORTANT: Importing Dashboard and/or Widget JSON files - Enable historical data collection

 

 

 

When you export dashboard(s) and/or widget(s) that have "Enable historical data collection" turned on, and then import them later, you will have to manually "Enable historical data collection" following your import.  This is by design.  The action of turning on this feature starts the clock for data retention.

 

 

 

 

 

 

 

 

 

 

Demonstration Image(s)

 

 

 

 

 

 

 

 

 

How to Update this Dashboard

 

 

 

In the event additional QIDs are added to CVE-2019-14287, below are images on which widget(s):

 

 

 

  1. Require NO Updates
  2. Need to be Added and Configured
  3. Require Vulnerability query modification

 

 

 

  

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

If you have any questions, please post them below, contact your TAM, or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc..

 

 

 

 

 

 

 

 

 

 

 

Back to Dashboard Toolbox - New Vulnerability Management (VM) Dashboard BETA 

 

Back to Dashboards and Reporting Resources - Start Here 

Outcomes