CVE-2019-3569
First published: Wed Jun 26 2019(Updated: )
HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook HHVM | <=3.30.5 | |
| Facebook HHVM | =4.0.0 | |
| Facebook HHVM | =4.0.1 | |
| Facebook HHVM | =4.0.2 | |
| Facebook HHVM | =4.0.3 | |
| Facebook HHVM | =4.0.4 | |
| Facebook HHVM | =4.1.0 | |
| Facebook HHVM | =4.2.0 | |
| Facebook HHVM | =4.3.0 | |
| Facebook HHVM | =4.4.0 | |
| Facebook HHVM | =4.5.0 | |
| Facebook HHVM | =4.6.0 | |
| Facebook HHVM | =4.7.0 | |
| Facebook HHVM | =4.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-3569?
CVE-2019-3569 is a vulnerability in HHVM when used with FastCGI that allows a malicious individual unintended direct access to the application, resulting in information disclosure.
What is the severity of CVE-2019-3569?
The severity of CVE-2019-3569 is high, with a CVSS score of 7.5.
Which versions of HHVM are affected by CVE-2019-3569?
Versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, and 4.8.0 of HHVM are affected by CVE-2019-3569.
How can a malicious individual exploit CVE-2019-3569?
A malicious individual can exploit CVE-2019-3569 by taking advantage of HHVM's default behavior of binding to all available interfaces when used with FastCGI, allowing them direct access to the application.
Where can I find more information about CVE-2019-3569?
More information about CVE-2019-3569 can be found at the following references: [GitHub Commit](https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed), [HHVM Blog](https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html).
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/facebook
- canonical/facebook hhvm
- version/facebook hhvm/3.30.5
- version/facebook hhvm/4.0.0
- version/facebook hhvm/4.0.1
- version/facebook hhvm/4.0.2
- version/facebook hhvm/4.0.3
- version/facebook hhvm/4.0.4
- version/facebook hhvm/4.1.0
- version/facebook hhvm/4.2.0
- version/facebook hhvm/4.3.0
- version/facebook hhvm/4.4.0
- version/facebook hhvm/4.5.0
- version/facebook hhvm/4.6.0
- version/facebook hhvm/4.7.0
- version/facebook hhvm/4.8.0