CVE-2019-3569

Summary

HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.

Affected Software

VendorProductVersion RangeStatus
FacebookHHVM4.8.1affected
FacebookHHVM4.8.0affected
FacebookHHVM4.7.1affected
FacebookHHVM4.7.0affected
FacebookHHVM4.6.1affected
FacebookHHVM4.6.0affected
FacebookHHVM4.5.1affected
FacebookHHVM4.5.0affected
FacebookHHVM4.4.1affected
FacebookHHVM4.4.0affected
FacebookHHVM4.3.1affected
FacebookHHVM4.0.0 < unspecifiedaffected
FacebookHHVM3.30.6affected
FacebookHHVMunspecified <= 3.30.5affected

Weaknesses

  • CWE-552: Files or Directories Accessible to External Parties (CWE-552)

ADP Enrichment

CVE Program Container

Additional References

References