CVE-2019-3569

Sažetak

HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.

Reference

https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html
https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

14-09-2021 - 12:19

Objavljeno

26-06-2019 - 15:15