Home > Vulnerability Database > CVE-2019-3569

Mend.io Vulnerability Database

CVE-2019-3569

Good to know:

Date: June 26, 2019

HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.

Language: C++

Severity Score

7.5

Related Resources (5)

Url: https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-3569

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3569

Url: https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed

Url: https://www.mend.io/vulnerability-database/CVE-2019-3569

Severity Score

7.5

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Files or Directories Accessible to External Parties

CWE-552

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version HHVM-4.9.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-3569

Good to know:

Date: June 26, 2019

Language: C++

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?