Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310152427HistoryJun 17, 2024 - 12:00 a.m.
XAMPP <= 7.3.2 DoS Vulnerability
2024-06-1700:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
1
xampp
denial of service
vulnerability
windows
7.3.2
dos
system crashes
http requests
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%
XAMPP is prone to a denial of service (DoS) vulnerability.
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:apachefriends:xampp";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.152427");
script_version("2024-06-18T05:05:55+0000");
script_tag(name:"last_modification", value:"2024-06-18 05:05:55 +0000 (Tue, 18 Jun 2024)");
script_tag(name:"creation_date", value:"2024-06-17 05:31:36 +0000 (Mon, 17 Jun 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_cve_id("CVE-2024-5055");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"NoneAvailable");
script_name("XAMPP <= 7.3.2 DoS Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Denial of Service");
script_dependencies("gb_xampp_http_detect.nasl", "os_detection.nasl");
script_mandatory_keys("xampp/detected", "Host/runs_windows");
script_tag(name:"summary", value:"XAMPP is prone to a denial of service (DoS) vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"When XAMPP attempts to process many incomplete HTTP requests,
it results in resource consumption and system crashes.");
script_tag(name:"affected", value:"XAMPP for Windows version 7.3.2 and prior.");
script_tag(name:"solution", value:"No known solution is available as of 17th June, 2024.
Information regarding this issue will be updated once solution details are available.");
script_xref(name:"URL", value:"https://www.incibe.es/en/incibe-cert/notices/aviso/vulnerability-uncontrolled-resource-consumption-xampp");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less_equal(version: version, test_version: "7.3.2")) {
report = report_fixed_ver(installed_version: version, fixed_version: "None", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(0);
Related
cvelist
cvelist
CVE-2024-5055 Vulnerability of uncontrolled resource consumption in XAMPP
2024-05-17 12:03:19
nvd
nvd
CVE-2024-5055
2024-05-17 12:15:18
cve
cve
CVE-2024-5055
2024-05-17 12:15:18
vulnrichment
vulnrichment
CVE-2024-5055 Vulnerability of uncontrolled resource consumption in XAMPP
2024-05-17 12:03:19
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%
Related for OPENVAS:1361412562310152427