Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3569

Опубликовано: 26 июн. 2019
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*
Версия до 3.30.5 (включая)
cpe:2.3:a:facebook:hhvm:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 58%
0.00366
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-552
CWE-668

Связанные уязвимости

ubuntu логотип

CVE-2019-3569

CVSS3: 7.5
ubuntu
больше 6 лет назад

HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.

debian логотип

CVE-2019-3569

CVSS3: 7.5
debian
больше 6 лет назад

HHVM, when used with FastCGI, would bind by default to all available i ...

github логотип

GHSA-4687-m9rr-f6p3

github
больше 3 лет назад

HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.

EPSS

Процентиль: 58%
0.00366
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-552
CWE-668