VID 21559
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The XAMPP software, according to its version number, is affected by multiple vulnerabilities. XAMPP is an easy-to-install Apache distribution containing MySQL, PHP and Perl. XAMPP versions 1.4.13 and earlier are vulnerable to multiple cross-site scripting vulnerabilities and an insecure default password vulnerability:

1) Multiple cross-site scripting vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via the cds.php, Guestbook-EN.pl, or phonebook.php scripts.
2) XAMPP 1.4.x has multiple default or null passwords, which allow attackers to gain privileges.

* Note: This check relies solely on the version number of the XAMPP installation on the remote Web server to assess this vulnerability, so this might be a false positive.

* References:
http://marc.theaimsgroup.com/?l=full-disclosure&m=111330048629182&w=2

* Platforms Affected:
XAMPP Apache Distribution versions 1.4.13 and earlier
Any operating system Any version
Recommendation No upgrade or patch available as of April 2005.

Upgrade to the latest version of XAMPP (1.4.14 or later) when a new version that fixes this problem becomes available from the XAMPP Web site at http://www.apachefriends.org/en/xampp.html
Related URL CVE-2005-1077,CVE-2005-1078 (CVE)
Related URL 13131,13128,13127,13126 (SecurityFocus)