XAMPP < 1.4.14 Multiple Vulnerabilities

medium Nessus Plugin ID 18036

Synopsis

The remote host contains several applications that may use default passwords and be prone to cross-site scripting and directory traversal attacks.

Description

The remote host is running XAMPP, an Apache distribution containing MySQL, PHP, and Perl. It is designed for easy installation and administration.

The remote version of this software contains security flaws and password disclosure weaknesses that could allow an attacker to perform cross-site scripting attacks against the remote host or to gain administrative access on the remote host if no password has been set.

Solution

Upgrade to XAMPP 1.4.14 or newer.

See Also

https://marc.info/?l=full-disclosure&m=111330048629182&w=2

http://sourceforge.net/project/shownotes.php?release_id=335710

Plugin Details

Severity: Medium

ID: 18036

File Name: xampp_multiple_vulns.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 4/13/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/12/2005

Reference Information

CVE: CVE-2005-1077, CVE-2005-1078, CVE-2005-2043

BID: 13131, 13128, 13127, 13126, 13982, 13983

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990