Default Binding to All Interfaces in HHVM FastCGI: Information Disclosure Vulnerability

Default Binding to All Interfaces in HHVM FastCGI: Information Disclosure Vulnerability

CVE-2019-3569 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.

Learn more about our Cis Benchmark Audit For Bind.