Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2024 Greenbone AGOPENVAS:1361412562310152427
HistoryJun 17, 2024 - 12:00 a.m.

XAMPP <= 7.3.2 DoS Vulnerability

2024-06-1700:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
3
xampp
denial of service
vulnerability
windows
7.3.2
dos
system crashes
http requests

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

JSON

XAMPP is prone to a denial of service (DoS) vulnerability.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apachefriends:xampp";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.152427");
  script_version("2024-06-18T05:05:55+0000");
  script_tag(name:"last_modification", value:"2024-06-18 05:05:55 +0000 (Tue, 18 Jun 2024)");
  script_tag(name:"creation_date", value:"2024-06-17 05:31:36 +0000 (Mon, 17 Jun 2024)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");

  script_cve_id("CVE-2024-5055");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"NoneAvailable");

  script_name("XAMPP <= 7.3.2 DoS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("gb_xampp_http_detect.nasl", "os_detection.nasl");
  script_mandatory_keys("xampp/detected", "Host/runs_windows");

  script_tag(name:"summary", value:"XAMPP is prone to a denial of service (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"When XAMPP attempts to process many incomplete HTTP requests,
  it results in resource consumption and system crashes.");

  script_tag(name:"affected", value:"XAMPP for Windows version 7.3.2 and prior.");

  script_tag(name:"solution", value:"No known solution is available as of 17th June, 2024.
  Information regarding this issue will be updated once solution details are available.");

  script_xref(name:"URL", value:"https://www.incibe.es/en/incibe-cert/notices/aviso/vulnerability-uncontrolled-resource-consumption-xampp");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_is_less_equal(version: version, test_version: "7.3.2")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "None", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(0);

Related

cvelist 1
nvd 1
cve 1
vulnrichment 1
cvelist
cvelist
CVE-2024-5055 Vulnerability of uncontrolled resource consumption in XAMPP
2024-05-17 12:03:19
nvd
nvd
CVE-2024-5055
2024-05-17 12:15:18
cve
cve
CVE-2024-5055
2024-05-17 12:15:18
vulnrichment
vulnrichment
CVE-2024-5055 Vulnerability of uncontrolled resource consumption in XAMPP
2024-05-17 12:03:19

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

JSON
Related for OPENVAS:1361412562310152427
cvelist1nvd1cve1vulnrichment1