CVE Vulnerability

CVE-2019-3569

HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html Release Notes Vendor Advisory
https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:facebook:hhvm:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.8.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*
Information

Published : 2019-06-26 03:15

Updated : 2021-09-14 12:19

NVD link : CVE-2019-3569

Mitre link : CVE-2019-3569

Products Affected
No products.
CWE
CWE-668