Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2208

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-2208
Last Modified 30 Dec 2014 10:28:24
Published 28 Dec 2014 10:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2208

Summary

CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

Vulnerable Systems

Application

  • Facebook Hiphop Virtual Machine 2.4.1


References

CONFIRM - https://github.com/facebook/hhvm/commit/506a44194a9016406c752ad8e010c01aeffc18cc


Last Updated: 27 May 2016 11:07:22