Lucene search

[email protected]CVE-2009-0919

HistoryMar 16, 2009 - 7:30 p.m.

CVE-2009-0919

2009-03-1619:30:00

CWE-255

[email protected]

web.nvd.nist.gov

xampp

insecure passwords

proftpd

mysql

phpmyadmin

remote attackers

access vulnerability

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the “lampp” default password for the “nobody” account within the included ProFTPD installation, (2) a blank default password for the “root” account within the included MySQL installation, (3) a blank default password for the “pma” account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with “no contact from / to internet.”

Affected configurations

NVD

Node

apachefriendsxamppMatch0.1alphasolaris

apachefriendsxamppMatch0.1betamac_os_x

apachefriendsxamppMatch0.2alphasolaris

apachefriendsxamppMatch0.2betamac_os_x

apachefriendsxamppMatch0.3-mac_os_x

apachefriendsxamppMatch0.3alphasolaris

apachefriendsxamppMatch0.4-mac_os_x

apachefriendsxamppMatch0.4alphasolaris

apachefriendsxamppMatch0.5-mac_os_x

apachefriendsxamppMatch0.5betasolaris

apachefriendsxamppMatch0.6-mac_os_x

apachefriendsxamppMatch0.6betasolaris

apachefriendsxamppMatch0.6.1-mac_os_x

apachefriendsxamppMatch0.6.2-mac_os_x

apachefriendsxamppMatch0.6.3-mac_os_x

apachefriendsxamppMatch0.6a-mac_os_x

apachefriendsxamppMatch0.7betasolaris

apachefriendsxamppMatch0.7.0-mac_os_x

apachefriendsxamppMatch0.7.1-mac_os_x

apachefriendsxamppMatch0.7.2-mac_os_x

apachefriendsxamppMatch0.7.3-mac_os_x

apachefriendsxamppMatch0.7.4-mac_os_x

apachefriendsxamppMatch0.8.1-solaris

apachefriendsxamppMatch0.8.2-solaris

apachefriendsxamppMatch0.9-solaris

apachefriendsxamppMatch0.9-windows

apachefriendsxamppMatch1.0-windows

apachefriendsxamppMatch1.0.1-mac_os_x

apachefriendsxamppMatch1.1-windows

apachefriendsxamppMatch1.2-linux

apachefriendsxamppMatch1.2-windows

apachefriendsxamppMatch1.3-linux

apachefriendsxamppMatch1.3-windows

apachefriendsxamppMatch1.4-linux

apachefriendsxamppMatch1.4-windows

apachefriendsxamppMatch1.4.2-linux

apachefriendsxamppMatch1.4.2-windows

apachefriendsxamppMatch1.4.3-linux

apachefriendsxamppMatch1.4.3-windows

apachefriendsxamppMatch1.4.4-linux

apachefriendsxamppMatch1.4.4-windows

apachefriendsxamppMatch1.4.5-linux

apachefriendsxamppMatch1.4.5-windows

apachefriendsxamppMatch1.4.6-linux

apachefriendsxamppMatch1.4.6-windows

apachefriendsxamppMatch1.4.7-linux

apachefriendsxamppMatch1.4.7-windows

apachefriendsxamppMatch1.4.8-linux

apachefriendsxamppMatch1.4.8-windows

apachefriendsxamppMatch1.4.9-linux

apachefriendsxamppMatch1.4.9-windows

apachefriendsxamppMatch1.4.10-linux

apachefriendsxamppMatch1.4.10-windows

apachefriendsxamppMatch1.4.11-linux

apachefriendsxamppMatch1.4.11-windows

apachefriendsxamppMatch1.4.12-linux

apachefriendsxamppMatch1.4.12-windows

apachefriendsxamppMatch1.4.13-linux

apachefriendsxamppMatch1.4.13-windows

apachefriendsxamppMatch1.4.14-linux

apachefriendsxamppMatch1.4.14-windows

apachefriendsxamppMatch1.4.15-linux

apachefriendsxamppMatch1.4.15-windows

apachefriendsxamppMatch1.4.16-linux

apachefriendsxamppMatch1.4.16-windows

apachefriendsxamppMatch1.5-linux

apachefriendsxamppMatch1.5.0-windows

apachefriendsxamppMatch1.5.1-linux

apachefriendsxamppMatch1.5.1-windows

apachefriendsxamppMatch1.5.2-linux

apachefriendsxamppMatch1.5.2-windows

apachefriendsxamppMatch1.5.3-linux

apachefriendsxamppMatch1.5.3-windows

apachefriendsxamppMatch1.5.4-linux

apachefriendsxamppMatch1.5.4-windows

apachefriendsxamppMatch1.5.4a-linux

apachefriendsxamppMatch1.5.4a-windows

apachefriendsxamppMatch1.5.5-linux

apachefriendsxamppMatch1.5.5-windows

apachefriendsxamppMatch1.5.5a-linux

apachefriendsxamppMatch1.6-linux

apachefriendsxamppMatch1.6.0-windows

apachefriendsxamppMatch1.6.0a-windows

apachefriendsxamppMatch1.6.1-linux

apachefriendsxamppMatch1.6.1-windows

apachefriendsxamppMatch1.6.2-linux

apachefriendsxamppMatch1.6.2-windows

apachefriendsxamppMatch1.6.3-linux

apachefriendsxamppMatch1.6.3-windows

apachefriendsxamppMatch1.6.3a-linux

apachefriendsxamppMatch1.6.3a-windows

apachefriendsxamppMatch1.6.3b-linux

apachefriendsxamppMatch1.6.4-linux

apachefriendsxamppMatch1.6.4-windows

apachefriendsxamppMatch1.6.5-linux

apachefriendsxamppMatch1.6.5-windows

apachefriendsxamppMatch1.6.5a-linux

apachefriendsxamppMatch1.6.6-linux

apachefriendsxamppMatch1.6.6-windows

apachefriendsxamppMatch1.6.6a-windows

apachefriendsxamppMatch1.6.7-linux

apachefriendsxamppMatch1.6.7-windows

apachefriendsxamppMatch1.6.8-windows

apachefriendsxamppMatch1.6.8a-linux

apachefriendsxamppMatch1.7-linux

apachefriendsxamppMatch1.7-windows

apachefriendsxamppMatch1.7.1-linux

apachefriendsxamppMatch1.7.1-windows

apachefriendsxamppMatchdevelopment-windows

CPENameOperatorVersion
apachefriends:xamppapachefriends xamppeq0.1
apachefriends:xamppapachefriends xamppeq0.2
apachefriends:xamppapachefriends xamppeq0.3
apachefriends:xamppapachefriends xamppeq0.4
apachefriends:xamppapachefriends xamppeq0.5
apachefriends:xamppapachefriends xamppeq0.6
apachefriends:xamppapachefriends xamppeq0.6.1
apachefriends:xamppapachefriends xamppeq0.6.2
apachefriends:xamppapachefriends xamppeq0.6.3
apachefriends:xamppapachefriends xamppeq0.6a

CPE	Name	Operator	Version
apachefriends:xampp	apachefriends xampp	eq	0.1
apachefriends:xampp	apachefriends xampp	eq	0.2
apachefriends:xampp	apachefriends xampp	eq	0.3
apachefriends:xampp	apachefriends xampp	eq	0.4
apachefriends:xampp	apachefriends xampp	eq	0.5
apachefriends:xampp	apachefriends xampp	eq	0.6
apachefriends:xampp	apachefriends xampp	eq	0.6.1
apachefriends:xampp	apachefriends xampp	eq	0.6.2
apachefriends:xampp	apachefriends xampp	eq	0.6.3
apachefriends:xampp	apachefriends xampp	eq	0.6a

Rows per page:

1-10 of 681

References

ptk.dflabs.com/security.html

www.apachefriends.org/en/faq-xampp-linux.html

www.debianhelp.co.uk/xampp.htm

www.ibm.com/developerworks/linux/library/l-xampp/

exchange.xforce.ibmcloud.com/vulnerabilities/49306

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

Related for CVE-2009-0919

prion1 nvd1 cvelist1 openvas1