XAMPP WebDAV PHP Upload Vulnerability Network Vulnerability

Summary

This host is running XAMPP and prone to PHP upload vulnerability.

Impact

Successful exploitation may allow remote attackers to gain unauthorized access to the system. Impact Level: System/Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. A Workaround is to delete or change the default webdav password file. For details refer, http://serverpress.com/topic/xammp-webdav-security-patch/

Insight

The flaw exists because XAMPP contains a default username and password within the WebDAV folder, which allows attackers to gain unauthorized access to the system.

Affected

XAMPP

References

http://packetstormsecurity.org/files/108420/xampp_webdav_upload_php.rb.txt
http://www.exploit-db.com/exploits/18367
http://xforce.iss.net/xforce/xfdb/72397

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ApPHP MicroBlog Remote Code Execution Vulnerability
4psa Voipnow Local File Inclusion Vulnerability
ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
Apple Safari RSS Feed Information Disclosure Vulnerability
ArticleFR CMS Multiple Vulnerabilities - Jan15

Take action and discover your vulnerabilities