Information disclosure

2019-06-2615:15:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.2%

JSON

HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.

CPENameOperatorVersion
hhvmeq4.0.0
hhvmeq4.0.1
hhvmeq4.0.2
hhvmeq4.0.3
hhvmeq4.0.4
hhvmeq4.1.0
hhvmeq4.2.0
hhvmeq4.3.0
hhvmeq4.4.0
hhvmeq4.5.0

Name	Operator	Version
hhvm	eq	4.0.0
hhvm	eq	4.0.1
hhvm	eq	4.0.2
hhvm	eq	4.0.3
hhvm	eq	4.0.4
hhvm	eq	4.1.0
hhvm	eq	4.2.0
hhvm	eq	4.3.0
hhvm	eq	4.4.0
hhvm	eq	4.5.0

Rows per page:

1-10 of 141

References

github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed

hhvm.com/blog/2019/06/10/hhvm-4.9.0.html