Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-3556

Опубликовано: 26 окт. 2021
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5.5
CVSS3: 8.1

Описание

HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
esm-apps/bionic

needs-triage

esm-apps/xenial

needs-triage

trusty

ignored

end of standard support
upstream

needs-triage

xenial

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 82%
0.01666
Низкий

5.5 Medium

CVSS2

8.1 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-3556

CVSS3: 8.1
nvd
больше 4 лет назад

HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.

debian логотип

CVE-2019-3556

CVSS3: 8.1
debian
больше 4 лет назад

HHVM supports the use of an "admin" server which accepts administrativ ...

github логотип

GHSA-36h6-q98c-7j6j

github
больше 3 лет назад

HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.

EPSS

Процентиль: 82%
0.01666
Низкий

5.5 Medium

CVSS2

8.1 High

CVSS3