PT-2019-16617 · Facebook · Hhvm

Publicado

2019-06-26

Atualizado

2021-09-14

CVE-2019-3569

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions HHVM versions 3.30.5 and below HHVM versions 4.0 through 4.8.0

Description The issue allows a malicious individual unintended direct access to the application, which could result in information disclosure. This is due to HHVM binding by default to all available interfaces when used with FastCGI.

Recommendations For HHVM versions 3.30.5 and below, update to a version above 3.30.5 to resolve the issue. For HHVM versions 4.0 through 4.8.0, update to a version above 4.8.0 to resolve the issue.

Correção

Files Accessible to External Parties

Exposure of Resource to Wrong Sphere

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-552CWE-668

Identificadores relacionados

CVE-2019-3569

Produtos afetados

Hhvm

PT-2019-16617 · Facebook · Hhvm

CVE-2019-3569

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7