Vulnerability Description
HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hhvm | <= 3.30.5 |
Related Weaknesses (CWE)
References
- https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74edPatchThird Party Advisory
- https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.htmlRelease NotesVendor Advisory
- https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74edPatchThird Party Advisory
- https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.htmlRelease NotesVendor Advisory
FAQ
What is CVE-2019-3569?
CVE-2019-3569 is a vulnerability with a CVSS score of 7.5 (HIGH). HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in inf...
How severe is CVE-2019-3569?
CVE-2019-3569 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3569?
Check the references section above for vendor advisories and patch information. Affected products include: Facebook Hhvm.