PT-2019-16617 · Facebook · Hhvm

Published: 2019-06-26 · Updated: 2021-09-14 · CVE-2019-3569

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

HHVM versions 3.30.5 and below
HHVM versions 4.0 through 4.8.0

Description

The issue allows a malicious individual unintended direct access to the application, which could result in information disclosure. This is due to HHVM binding by default to all available interfaces when used with FastCGI.

Recommendations

For HHVM versions 3.30.5 and below, update to a version above 3.30.5 to resolve the issue. For HHVM versions 4.0 through 4.8.0, update to a version above 4.8.0 to resolve the issue.

Fix

Weakness Enumeration

Files Accessible to External Parties

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2019-3569

Affected Products

Hhvm