CVE-2019-3569
N/A
N/A
Summary
HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HHVM | 4.8.1 | affected | |
| HHVM | 4.8.0 | affected | |
| HHVM | 4.7.1 | affected | |
| HHVM | 4.7.0 | affected | |
| HHVM | 4.6.1 | affected | |
| HHVM | 4.6.0 | affected | |
| HHVM | 4.5.1 | affected | |
| HHVM | 4.5.0 | affected | |
| HHVM | 4.4.1 | affected | |
| HHVM | 4.4.0 | affected | |
| HHVM | 4.3.1 | affected | |
| HHVM | 4.0.0 < unspecified | affected | |
| HHVM | 3.30.6 | affected | |
| HHVM | unspecified <= 3.30.5 | affected |
Weaknesses
- CWE-552: Files or Directories Accessible to External Parties (CWE-552)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed
- https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html
References
- https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed
- https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.