CVE-2018-25169
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ampps | AMPPS | 2.7 | affected |
Weaknesses
- CWE-1188: Initialization of a Resource with an Insecure Default
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/45850
- https://www.vulncheck.com/advisories/ampps-denial-of-service-via-malformed-socket-connection
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.