Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Facebook HHVM 安全漏洞
Vulnerability Description
Facebook HHVM(又名HipHop Virtual Machine)是美国Facebook公司的一款能够显著提高PHP加载动态页面性能的虚拟机。 Facebook HHVM 3.9.6之前版本、3.10.0版本至3.12.4版本和3.13.0版本至3.14.2版本中存在安全漏洞。攻击者可利用该漏洞将CGI应用程序发出的HTTP流量重定向任意的代理服务器。
CVSS Information
N/A
Vulnerability Type
N/A