CVE-2019-3569
26.06.2019, 15:15
HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.Enginsight
| Vendor | Product | Version |
|---|---|---|
| hhvm | 𝑥 ≤ 3.30.5 | |
| hhvm | 4.0.0 | |
| hhvm | 4.0.1 | |
| hhvm | 4.0.2 | |
| hhvm | 4.0.3 | |
| hhvm | 4.0.4 | |
| hhvm | 4.1.0 | |
| hhvm | 4.2.0 | |
| hhvm | 4.3.0 | |
| hhvm | 4.4.0 | |
| hhvm | 4.5.0 | |
| hhvm | 4.6.0 | |
| hhvm | 4.7.0 | |
| hhvm | 4.8.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
- CWE-552 - Files or Directories Accessible to External PartiesThe product makes files or directories accessible to unauthorized actors, even though they should not be.
- CWE-668 - Exposure of Resource to Wrong SphereThe product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.