Lucene search

INCIBEVULNRICHMENT:CVE-2024-5055

HistoryMay 17, 2024 - 12:03 p.m.

CVE-2024-5055 Vulnerability of uncontrolled resource consumption in XAMPP

2024-05-1712:03:19

CWE-400

INCIBE

github.com

xampp

resource consumption

vulnerability

windows

http requests

system crashes

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "XAMPP",
    "vendor": "Apache Friends",
    "versions": [
      {
        "status": "affected",
        "version": "7.3.2"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/vulnerability-uncontrolled-resource-consumption-xampp

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for VULNRICHMENT:CVE-2024-5055