CVE-2019-3569
Published Jun 26, 2019
Last updated 3 years ago
Overview
- Description
- HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.
- Source
- cve-assign@fb.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D3D5055-D49B-4E8F-BC0A-08D779135A8B",
"versionEndIncluding": "3.30.5"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C45FDDD-7D26-4B6D-92C5-2CC56744E640"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66C30666-3B5A-48F4-B9D0-C10E9987D697"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2814F556-8F34-4944-BF56-16EE580460E8"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B387839-87D3-4864-8850-F80DBA120E15"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5FAB1506-8A10-4D12-986F-9CB505613896"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E66B50A7-1F3B-484E-881C-E82A6BCAE451"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C20F7A3C-1AB7-4ACB-94F4-AE30E5A059E9"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C228A35-6BD8-4873-B0C1-ED85EAE3DD0D"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D0BC86A-393F-4929-BD95-9C5107BD2D68"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0972CED9-09D2-40F1-BD60-17ADA19645CF"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "915D9CF1-34C1-4608-A481-8B6ED43490FC"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68C3110F-F78C-4701-9E9C-113A5544B762"
},
{
"criteria": "cpe:2.3:a:facebook:hhvm:4.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "91234ACF-30A1-4BA8-833C-32D21679801A"
}
],
"operator": "OR"
}
]
}
]