Vulnerability of uncontrolled resource consumption in XAMPP

Posted date 17/05/2024

Identificador

INCIBE-2024-0264

Importance

4 - High

Affected Resources

XAMPP, 7.3.2 version.

Description

INCIBE has coordinated the publication of a high severity vulnerability affecting XAMPP, a free and open source cross-platform web server solution package developed by Apache Friends, version 7.3.2, which has been discovered by Rafael Pedrero.

This vulnerability has been assigned the following code, base score CVSS v3.1, CVSS vector and vulnerability type CWE:

CVE-2024-5055: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-400

Solution

There is no reported solution at this time.

Detail

CVE-2024-5055: uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes.

References list

XAMPP

Etiquetas

0day
Apache
CNA
Vulnerability