PHP-FPM Status Module

What is the "PHP-FPM Status" module?

The "PHP-FPM Status" module is a test case designed to detect misconfigurations or vulnerabilities in PHP-FPM, a FastCGI Process Manager for PHP. It is an informative module that provides insights into the status of the PHP-FPM service.

This module has a severity level of "informative," meaning it provides valuable information but does not indicate a direct security risk.

Author: geeknik

Impact

This module does not have a direct impact on the system. It is used to gather information about the PHP-FPM service, such as the pool configuration, process manager details, start time, and process ID.

How does the module work?

The "PHP-FPM Status" module sends an HTTP GET request to the "/status?full" endpoint of the PHP-FPM service. It then applies matching conditions to determine if the response indicates a successful status and contains specific keywords related to the PHP-FPM service.

Example HTTP request:

GET /status?full

The module uses the following matching conditions:

- The response must have a status code of 200. - The response body must contain the following keywords: "pool:", "process manager:", "start time:", and "pid:".

If all matching conditions are met, the module reports a successful match.